dilucide
Cardiac Implantable Electronic Devices (CIED), such as cardiac pacemakers and defibrillators, are a fairly niche target for security researchers, in part due to a lack of manufacturer cooperation and device accessibility. This talk aims to provide insights into the challenges in device development and methods with which to research device security. Data accessibility to patients will be touched upon.
Leo Meyerovich, Sindre Breda
After we announced our results, CTFs like Splunk's Boss of the SOC (BOTS) started prohibiting AI agents. For science & profit, we keep doing it anyways. In BOTS, the AIs solve most of it in under 10 minutes instead of taking the full day. Our recipe was surprisingly simple: Teach AI agents to self-plan their investigation steps, adapt their plans to new information, work with the SIEM DB, and reason about log dumps. No exotic models, no massive lab budgets - just publicly available LLMs mixed with a bit of science and perseverance. We'll walk through how that works, including videos of the many ways AI trips itself up that marketers would rather hide, and how to do it at home with free and open-source tools. CTF organizers can't detect this - the arms race is probably over before it really began. But the real question isn't "can we cheat at CTFs?" It's what happens when investigations evolve from analysts-who-investigate to analysts-who-manage-AI-investigators. We'll show you what that transition already looks like today and peek into some uncomfortable questions about what comes next.
Constanze Kurz, Ron
What happened in IT security in 2025? What new methods, buzzwords and trends emerged? What were the nastiest attacks and the most expensive mistakes?
Sophia Longwe
Abbreviations such as WSIS+20, IGF, IETF, DIEM, ICANN, PDP, ITU or W3C regularly appear in discussions about the Internet, yet often remain vague. This talk provides an update on the current state of Internet governance and explains why decisions made in United Nations processes have direct implications for technical standards, digital infrastructure, and power asymmetries.
Mikolai Gütschow, signum
Welcome to the future: at the LUG Camp in Wipperfürth and at Datenspuren in Dresden, payments were made digitally, with GNU Taler as the event payment system. Even simpler than cash, cheaper than card payments, and without intruding on visitors' privacy. We'll show you how you can offer this at your next (Chaos) event too!
Rike, Moritz Leiner
In times of climate crisis, the hype around generative AI and the gas industry form a threatening alliance for the future of the planet.
David, LK Seiling
We explore what happens when Europe’s ambitious data access laws meet the messy realities of studying major digital platforms. Using YouTube as a central case, we show how the European Union’s efforts to promote transparency through the GDPR, the Digital Services Act (DSA), and the Digital Markets Act (DMA) are reshaping the possibilities and limits of independent platform research. At the heart of the discussion is a paradox: while these laws promise unprecedented access to the data that shape our digital lives, the information researchers and citizens actually receive is often incomplete, inconsistent, and difficult to interpret. In this talk, we take a close look at data donations from over a thousand Danish YouTube users, which at first glance did not reveal neat insights but sprawling file structures filled with cryptic data points. Still, if the work is put in, these digital traces offer glimpses of engagement and attention, and help us understand what users truly encountered or how the platform influenced their experiences. The talk situates this challenge within a broader European context, showing how data access mechanisms are set up in ways that strengthen existing power imbalances. Application processes for research data vary widely, requests are rejected or delayed without clear justification, and the datasets that do arrive frequently lack the granularity required for meaningful analysis. Yet the picture is not purely bleak. Citizens, researchers, and civil society already have multiple legal levers to demand greater transparency and accountability. The fundamental question is no longer whether democratic oversight is possible, but how we can use the tools at hand to make it real.
nicoduck
Infrastructure teams present what they did for this year's congress and why they did it that way.
Patch, Sam. Beaumont (PANTH13R)
Stored memory in hardware has had a long history of being influenced by light, by design. For instance, as memory is represented by the series of transistors, and their physical state represents 1's and 0's, original EPROM memory could be erased via the utilization of UV light, in preparation for flashing new memory. Naturally, whilst useful, this has proven to be an avenue of opportunity to be leveraged by attackers, allowing them to selectively influence memory via a host of optical/light-based techniques. As chips became more advanced, opaque resin was used as a "temporary" measure to combat this flaw, by coating chips in a material that would reflect UV. Present-day opinions are that laser (or light) based hardware attacks are something that only nation state actors are capable of doing. Currently, sophisticated hardware labs use expensive, high frequency IR beams to penetrate the resin. This project demonstrates that with a limited budget and hacker-and-maker mentality and by leveraging more inexpensive technology alternatives, we implement a tool that does laser fault injection, can detect hardware malware, detect supply chain chip replacements, and delve into the realm of laser logic state imaging.
Trikkitt
Keeping old projects working can be an uphill battle. This talk explores how the laser tag system Q-Zar (Quasar in the UK) has been kept alive since the company behind it failed in the 90s. The challenges encountered, the lessons learnt, and how those can be applied to our own future projects to maximise the project lifetime.
Tomate_aka_Radikale_Liebe
mozdeco
SwaP
Wolfspelz
ylt
Luna
42triangles (she/her)
zenme
quintessence (she/her)
This workshop is to establish a longer term working group that will threat model and abusability test (different from abuse test) common open source governance and community frameworks. The primary focus of this session is for Phase 1 preparation: communications norms around this project.
Birdy1976
fence
fluorescent_beige, Liam
We will give a brief introduction to the Reticulum Network Stack and announce what is new in 2025:
- Reticulum will soon be available in Rust, which will allow users of embedded systems better performance.
- The new Reticulum BLE Interface enables the creation of autonomous mesh networks without any further hardware or central server. The interface can be used on Linux and Android.
- The Columba App for Reticulum lowers the barrier of entry for using Reticulum.
Joshua Davila
What would it look like to build financial infrastructure for solidarity rather than speculation? While blockchain technology has largely been captured by libertarian and extractive market logic, it certainly does not need to be that way. In this talk, we'll explore Solidarity Primitives, development and architectural design patterns designed to forge economic solidarity between individuals and collectives. Drawing from our work at Bread Cooperative and research I've documented through my podcast, The Blockchain Socialist, we'll examine concrete examples like the BREAD community token, savings circles implementation, and the Solidarity Fund mechanisms that enable participatory funding without relying on venture capital or traditional financial intermediaries. We'll discuss how these primitives address a critical gap: the technical and coordination barriers that have historically made alternative economic models difficult to implement at scale. From worker cooperatives to mutual aid networks, the infrastructure simply hasn't existed. Peer-to-peer technologies can change that but only if designed with solidarity, not profit maximization, as the core principle. This talk is for anyone interested in the practical dimensions of building a post-capitalist economy: what does it actually look like to write code for collective autonomy? How do we ensure decentralized systems serve communities rather than concentrating power?
Casey Ford
Online anonymity is being demonized and undermined. But anonymity has an important social function for preserving individuals and groups against social threats. We will argue for the philosophical and political value of being anonymous, especially against the rising state of capture in state and corporate surveillance. Anonymity is more than namelessness: it's a tool of resistance.
Ron Turetzky
Mutual-vend.com - smallest self-contained coop decentrally owned and operated infra
Kai Bojens
At the Greens' federal party conference, I submitted a motion to advocate for a European fundamental right to encryption. The motion was adopted, and I now want to see to what extent this topic finds support outside politics and how allies can be found, for example, in civil society.
Sapi, Clara & Co.
Chaos prepping in case of communication collapse. What would we do if this were the last congress in which we could meet freely and communicate in the known way, if a next congress somehow would not be possible this way, because of fascism, surveillance and/or other catastrophe? A brief exchange on scenarios and possible ways to deal with them.
micu, sylvia
We set off on a journey of discovery through Linux: on the diversity of an operating system. What is (F)OSS? What does a Linux look like? What can you do with it? And can you play games on it too?
Every day we give a short insight into the development of the CADUS Academy: our open learning platform for medical, technical and psychosocial trainings. We show where we currently stand, which ideas we are pursuing and how the community can get involved. Questions, feedback and spontaneous exchange are expressly welcome.
A crash course in which we try out in practice how best to carry a person who is no longer mobile on their own. Whether injured, unconscious or simply drunk, it never hurts to know how to carry not only responsibility but also a body in dicey situations.
Lucas Werkmeister
In this presentation, we’ll take a quick look at lots of different applications that use Wikidata data.
Tommi
Most people and organizations have their very own way of acquiring, organizing, archiving, sharing, and collaborating on knowledge repositories. A broad spectrum of opinions and approaches resulted in a diverse and rich ecosystem of knowledge management solutions. Nevertheless, this also implies scattered and disconnected knowledge sources. What would it mean to build bridges among wikis and federate knowledge?
Anke Holst
WhatsApp groups have become the default tool for coordinating anything. Also, WhatsApp groups are terrible. We all have stories. From an architectural point of view, they are terrible because they are the least configurable platform. There is a 1 and a 0 - you are a member of a group and get every message, or you are not a member and get no message. We used to have tools that worked better. Every forum built on free forum software would work better. The problem is - everyone who hears "we should organise" immediately imagines a WhatsApp group. There is knowledge out there about how to build tools and help people organise through them - but we have no language. I am proposing Collaboration Architecture. What do we think?
Pascal4F
We are from the Nebelhorn Podcast of Scientists for Future in Hamburg and conduct interviews at irregular intervals, mostly on climate and society. Depending on the opportunity, we will record a short interview or a behind-the-scenes special episode at 39c3. https://nebelhorn.podigee.io/
Volker
The **Sicherheits_lücke** (https://sicherheitsluecke.fm) takes up current events and trends in cybersecurity. In the podcast, Volker Skwarek, Monina Schwarz and Ingo Timm cover the topics in depth, sometimes with humour, sarcasm or self-irony. With the **live** format, the podcast also regularly appears at congresses and discusses interesting talks with selected guests.