Real-world exploits and mitigations in Large Language Model applications
Johann Rehberger
With the rapid growth of AI and Large Language Models users are facing an increased risk of scams, data exfiltration, loss of PII, and even remote code execution. This talk will demonstrate many real-world exploits the presenter discovered, including discussion of mitigations and fixes vendors put in place for the most prominent LLM applications, including ChatGPT, Bing Chat and Google Bard.
beyond the trivial
Ilja van Sprundel
In this talk, we delve into the captivating realm of TCP/IP stack fuzzing. As the backbone of internet communication, the TCP/IP stack is a prime target for cyber threats. This presentation will unravel the intricacies of fuzzing techniques applied to several TCP/IP stacks, shedding light on how these methodologies can uncover bugs, crashes and vulnerabilities. From the fundamentals of packet fuzzing to advanced mutation strategies, attendees will gain valuable insights into the proactive ways to fuzz a TCP/IP stack. Whether you're a seasoned cybersecurity professional or a curious enthusiast, this talk promises to be an enlightening journey into the heart of TCP/IP stack security and the crucial role of fuzzing in safeguarding our interconnected world.
Digital-ökologische Zukunftsvorstellungen in der deutschsprachigen Diskurslandschaft
AnjaH, Mascha Schädlich
Supereffiziente digitale Technik als Lösung aller Probleme oder doch lieber die selbstgebaute ressourcensparsame Low-Tech-Variante? Die Zukunftsvorstellungen, die den Einsatz digitaler Technik und ökologische Fragen zusammendenken, sind in der deutschen Diskurslandschaft nicht gerade üppig gesät. Im Vortrag werden die Ergebnisse einer Kurzstudie präsentiert, bei der wir die Zukunftsvorstellungen digital-ökologischer Transformation bei gesellschaftspolitischen Akteuren gesucht, analysiert und zu Visionskategorien zusammengefasst haben.
How to shrink deep learning models, and why you would want to.
etrommer
This talk will give a brief introduction of deep learning models and the energy they consume for training and inference. We then discuss what methods currently exist for handling their complexity, and how neural network parameter counts could grow by orders of magnitude, despite the end of Moore's law.
Alles, was ihr immer über Social Engineering wissen wolltet, aber nie die Zeit hattet, zu erfragen.
K4tana
In diesem Vortrag beschreibe ich die Geschichte und den Gegenstand des Social Engineerings über den Tech-Kontext hinaus und erkläre anhand relevanter Forschung, wie, warum und bei wem es wirkt. Die modernen technischen Herausforderungen werden ebenso erläutert wie Maßnahmen, die jetzt oder in der Zukunft gegen Social Engineering getroffen werden können – individuell oder in Gruppen bzw. Organisationen.
Unleashed!
edavidova@gmail.com, Sakrowski, Sembo
Presentation/introduction to the ongoing 37C3 art exhibition groupshow with Joachim Blank, Eva Davidova, Meredith Drum, exonemo, Jonas Lund, Sahej Rahal, Ingeborg Wie by panke.gallery (Sakrowski).
Nix los und viel zu tun
Anna Biselli, Henning
Über die letzten vier Jahre sind in der Nautosphäre um den Chaos Computer Club, Deutschland, Europa und der Welt aufregende, irritierende, bemerkenswerte und empörenswerte Dinge passiert, bei deren Einordnung wir gerne helfend zur Seite stehen wollen. Von Berichten aus den Erfahrungsaustauschkreisen über die digitalen Hausbesuche bei den Luca-Apps dieser Welt, von kleinen und riesengroßen Hacker-Veranstaltungen zu den inzwischen schöne Tradition gewordenen Gutachten für unser Verfassungsgericht wollen wir in vielen kleinen Wortmeldung ein rundes Bild zu den Entwicklungen der letzten vier Jahre und einen Ausblick auf das Jahr 2024 geben.
Eine Tragödie in X Akten
Dr. Patrick Breyer, khaleesi, Prof. Ulrich Kelber
In diesem Vortrag wollen wir auf die letzten knapp drei Jahre Kampf gegen die Chatkontrolle zurückblicken. Ein Kampf, der genauso droht zu einem Wiedergänger zu werden wie die Vorratsdatenspeicherung. Wir waren auf eine harte Auseinandersetzung um Überwachung und sichere Kommunikation vorbereitet. Als Patrick 2020 angefangen, hat uns vor dem, was da kommt, zu warnen, haben wir nicht erwartet, dass es sich zu einer Tragödie entwickeln würde, in der es nicht um Kinderschutz oder Überwachung geht. Sondern um eine Kommission, der jedes Mittel recht ist. Und Korruption und Lobbyskandal.
A critical talk about sustainability, technology, society, growth and ways ahead
Maja Göpel
The aim of this talk is to critically analyse the use of digital technology in the current context of global ecological injustice and the collapse of ecosystems. But how can we strive for and promote a sustainable, just and democratic digital future? The challenges are huge and include the digital world's hunger for energy as well as the exploitative global practices of tech companies or the discussion of the current AI sustainability hype. But which digital tools make sense, which do not and how can we achieve global social emancipation from self-destructive structures and towards ecological sustainability and a and a just world?
Best of Informationsfreiheit & Gefangenenbefreiung
arnese
Wie umgehen mit der politischen Verzweiflung? Was tun, wenn der Staat keine der Krisen wirklich noch bekämpfen kann, sondern nur neue erzeugt? Reicht es noch, für Transparenz zu kämpfen? Das Beste aus dem letzten Jahr – nein, aus den letzten vier Jahren! – FragDenStaat und Informationsfreiheit. Wir plaudern aus dem Nähkästchen von verlorenen Klagen gegen Frontex über Nazis im EU-Parlament bis zu den Pimmelgate-Akten und darüber, wie aus einer kleinen Recherche die größte Gefangenenbefreiung der deutschen Geschichte wurde.
Uncovering fake base stations on iOS devices
lukasarnld
Your phone’s internal communication contains precious data. It can be analyzed to detect fake base stations used in cellular attacks. For that, we reverse-engineered a proprietary communication channel between the phone’s OS and modem.
Ella Zickerick, Lina Schwarzenberg, Sebastian Schmieg
Do you have what it takes to become a Prompt Designer? Based on the Rap Battle format, Prompt Battle is a game show in which people compete against each other with the performative use of language. AI-supported text-to-image software enables the candidates to generate complex photos, images, and illustrations, seemingly out of thin air, by typing in image descriptions, so-called prompts. The audience will decide who will elicit the most surprising, disturbing or beautiful images from the latent space, and who will walk away carrying the prestigious title Prompt Battle Winner.
bkastl, Daniel Leisegang
Karl Lauterbach und die EU-Kommission haben eines gemeinsam. Beide wollen in Windeseile die Digitalisierung des Gesundheitssektors voranbringen. Die elektronische Patientenakte soll im Januar 2025 für alle Bundesbürger:innen kommen. Im gleichen Jahr ist der Start des sogenannten Europäischen Gesundheitsdatenraums geplant.
Wie man Stalkerware und Staatstrojaner auf Smartphones finden kann
vik3000
Smartphones sind in den letzten zehn Jahren zu einem allseits beliebten Angriffsziel geworden, sei es für Stalkerware, Staatstrojaner oder Banking-Malware. In diesem Vortrag wollen wir einen Überblick geben, mit welchen Techniken und Open-Source-Tools man auf Smartphones (unter iOS und Android) auf die Jagd nach Malware gehen kann. Im Anschluss findet ein Workshop mit einem praktischen Teil zum Ausprobieren einiger dieser Techniken statt.
Mit Computern das Leben zum Schlechteren verändern
Anna Biselli
Digitale Bezahlkarten, Migrationsvorhersage mit sogenannter KI, digitalisierte Grenzen zur Festung Europa und immer mehr davon. Ein Überblick, wie Digitalisierung jenseits des öffentlichen Aufschreis genutzt wird, um den Pull-Faktor Menschlichkeit zu drücken.
A Beginner’s Guide
Christoph Wolff, Pascal Zenker
This introductory session will outline the process of hacking internet-connected devices, with the help of a real world example: Poly telephones and conference speaker systems. We will explain vulnerabilities we identified in them and how they can be leveraged to transform the devices into wiretaps.
What We (Don't) Know About the Most Energetic Events in the Universe
Annika Rudolph, Sylvia Zhu
In October 2022 a gamma-ray burst dubbed the 'Brightest Of All Times' smashed records. But what is that actually, a gamma-ray burst? How do we detect it? And why was the BOAT so special?
How Astronomy Knew 6 Planets, Then Found 20 More, Then Went Back To 8 (For Now)
Michael Büker
The Solar System has had 8 planets ever since Pluto was excluded in 2006. This has made a lot of people very angry and been widely regarded as a bad move. But did you know Neptune was discovered as the 12th planet? Or that, 80 years before Star Trek, astronomers seriously suspected a planet called Vulcan near the Sun? This talk will take you through centuries of struggling with the question: Do you even planet?!
using my blog as example
Fefe
I have previously given talks about security principles and approaches like Least Privilege, TCB Minimization, and Self Sandboxing. The most frequent feedback has been "I don't know how to apply this in practice". So, in this talk, I will show how I applied those principles in a real-world software project: a CRUD web app. My blog. I introduced dangerous attack surface on purpose so I could some day give a talk about how to apply these techniques to reduce risk. This is that talk. I will also introduce the concept of append-only data storage.
The GB Interceptor
DiCon
How do you capture a video from an 1989's Game Boy without modding the original hardware? With an adapter cartridge that spies on the memory bus! Let's talk about how to reconstruct the Game Boy's memory state, emulate its graphics unit and then encode the image into an MJPEG stream for anyone to use as a USB video class device. In realtime. On an rp2040 microcontroller.
Wie wir mit begrenzten Mitteln ein U-Boot gebaut haben und was ihr draus lernen könnt.
Elias, quirsh
3,4 Tonnen schwer, 4,3 Meter lang, Material: Stahl, Farbe: Orange und der Fahrzeugtyp ist „Sporttauchboot”. Vom Fund eines Drucktanks bis zum ersten Tauchgang auf den Grund eines Tagebausees – wir erzählen von unseren größten Herausforderungen sowie Fehlschlägen. Wir laden euch ein zu einem technischen Beratungsgespräch für alle, die schonmal mit dem Gedanken gespielt haben, ein U-Boot zu bauen.
A Dive into Reverse Engineering and Understanding the iPod Touch
Martijn de Vos
This talk presents QEMU-iOS, an open-source emulator of legacy Apple devices. I outline the process of emulating an iPod Touch 2G, discussing the technical challenges and reverse engineering methodologies applied. The talk starts with an overview of the project's goals and then outlines the reverse engineering process, utilizing tools like Ghidra for disassembling the Apple bootloader, XNU kernel, and other binaries. Then, I describe QEMU, a popular framework for emulation, and show how essential iPod Touch peripherals such as the touchscreen, storage, and display have been implemented. Finally, this talk touches upon the implications of open-sourcing this project, its contribution to the emulation and reverse engineering landscape, and its potential for future efforts to emulate newer Apple devices.
cerebro, e7p, Steffen Becker
Ensuring the integrity of Integrated Circuits (ICs) against malicious hardware Trojans is paramount for secure electronic devices. One approach involves imaging the manufactured chips to compare them with their original design files. While such techniques for detecting Trojans are relatively well-known in the industry, there is a notable absence of comprehensive, publicly available case studies. To bridge this gap, we unveil a Red Team vs. Blue Team case study on hardware Trojan detection across four digital ICs in various modern feature sizes. We share our findings, algorithms, and image datasets, shedding light on the efficiency of these techniques, and offer insights into the impact of technology scaling on detection performance.
a journey from emissions to exposure
Johannes Bieser, Martin Otto Paul Ramacher
High performance computing (HPC) in environmental science is usually associated with research on climate change, investigating the impact of atmospheric greenhouse gases (GHG) over the next century. Besides these GHGs, there are many other gases and aerosolos in the atmosphere, which have a much more direct and immediate impact on human health: air pollutants.
Adam Batori
Following the failure and easy exploitation of the AACSv1 DRM on HD-DVD and Blu-ray, AACS-LA went back to the drawing board and announced the next generation AACSv2 DRM scheme, launching alongside 4K UHD Blu-ray in 2015. Since then, nearly no information has come out publicly about any vulnerabilities or even the algorithms themselves, owing in large part to software players requiring the use of Intel SGX secure enclave technology, which promises integrity and confidentiality of AACSv2 code and data through local and remote attestation mechanisms. Join us as we explore the broken history of AACS, describe practical side-channel attacks against SGX, and present the first look into the inner workings of AACSv2 DRM, culminating in a demonstration of the first full compromise of AACSv2 and unofficial playback of a UHD-BD disc.
Unlearning & Radical Collective Change in Online Communities
Dorian Cavé
Let's explore how online communities of activists can help to bring about forms of radical collective change, through decolonial practices of social (un)learning. What enabling conditions need to be put in place? And what counts as "radical change" in the first place?!
Konrad Kohbrok, Raphael Robert
They call it RFC 9420, we say MLS: A new IETF standard for end-to-end encryption was published in July and brings large improvements in performance and security compared to existing protocols. We are here to present Messaging Layer Security, its ecosystem and its roadmap. The MLS protocol is already being used in production to end-to-end encrypt Webex conference calls and will soon provide encryption for Android messages and RCS 2.0 for billions of users. Other messaging tools (such as Discord, Matrix, Wire, etc.) are currently trialing MLS and are expected to follow. Why was the protocol developed in the first place? How does it work? What are the next steps for MLS?
Sofia Kirke Forslund-Startceva
Why do some people stay fit and healthy easier than others, even when following the same health advice? Why does the same medication work well in one person, but not in another? Some of our individuality in these regards may trace to which bacteria we carry in the soil of our intestinal gardens. In this talk, drawing on work by my own research lab at the Charité and on that by our collaborators and rivals elsewhere in the world, I outline what we know, what we speculate, and what obstacles remain in the way of widespread adoption of personalized health prevention through microbiome sequencing.
Data centers on indigenous land in Northern Europe
Kim, Maris
What is Sápmi? And who are the Sami people? Why is their land threatened by the so-called Green Transition? Why is Europe's largest data centre being built on their land? We would like to try to answer these questions and explain in detail why "our green transition" is a threat to the land and rights of the Sami people. We will also discuss the so-called green server infrastructure in Sápmi for example the largest data centre in Europe (by Facebook). We are from the Decolonise Sápmi info tour through Germany and not Sámi ourselves. Our talk is based on presentations given by Sámi people during our tour.
A look into pipelines ending in museums and not in the cloud
obelix
In the original Hacker Ethics, Steven Levy stated that "you can create art and beauty on a computer". That was 40 years ago, creating art and beauty is one thing, but how do you maintain or develop it as a gallery, archive or museum? You know all about CI/CD and deploying to "the cloud"? Well, let me show you how to deploy to a museum or art space. Important note: this talk is not about NFTs.
Vortrag und Lesung
Caro Keller (NSU-Watch)
Die zwölf Jahre seit der Selbstenttarnung des NSU haben gezeigt, dass auf den Staat bei der Aufklärung und Aufarbeitung von rechtem Terror kein Verlass ist. Deshalb haben Betroffene von rechter Gewalt, Antifaschist\*innen und Zivilgesellschaft diese Aufgabe wieder und wieder selbst in die Hand genommen. Die daraus gewonnenen Analysen, die Aufklärung und die entstandenen solidarischen Netzwerke sind vielfältiger, als sich viele am Anfang vorgestellt haben. Doch wir wollen fragen: Was können nächste Schritte sein? Wie können wir rechten Terror verhindern?
sre
Mainframe, Oldenburg's Hackerspace, needed a wireless door lock solution. We do not trust vendors advertising promises about the device security and had a closer look.
Sound art performance exploring the concept of translation and containers by in both digital and analog realms
Pedro A. Ramírez
The work titled Buffered Daemons is a sound performance that attempts to explore the concepts of translation and non-local interaction in the sound realm. It does so by playing with the idiosyncrasies of audio representation/playback and mobilises them through the creation of an expanded musical situation.
(Live-Stream of Saal 1) Do you have what it takes to become a Prompt Designer? Based on the Rap Battle format, Prompt Battle is a game show in which people compete against each other with the performative use of language. AI-supported text-to-image software enables the candidates to generate complex photos, images, and illustrations, seemingly out of thin air, by typing in image descriptions, so-called prompts. The audience will decide who will elicit the most surprising, disturbing or beautiful images from the latent space, and who will walk away carrying the prestigious title Prompt Battle Winner.
This workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room.
Ptelepathetique is an electronic music project of Scott Beibin focusing on experiments with psychoacoustics.
Gameboy 8 Bit live
Producer/DJ from Hamburg Germany. One half of Schulverweis.
Ratkat, a Hamburg native, resident DJ at Golden Pudel Club, organizing the club and concertnight “Next Time” together with NIka Son. She has a liveact under the moniker Pose Dia.