You must be logged in to use the filter favorited.
You must be logged in to use the filter favorited.
dilucide
Cardiac Implantable Electronic Devices (CIED), such as cardiac pacemakers and defibrillators, are a fairly niche target for security researchers, in part due to a lack of manufacturer cooperation and device accessibility. This talk aims to provide insights into the challenges in device development and methods with which to research device security. Data accessibility to patients will be touched upon.
Leo Meyerovich, Sindre Breda
After we announced our results, CTFs like Splunk's Boss of the SOC (BOTS) started prohibiting AI agents. For science & profit, we keep doing it anyways. In BOTS, the AIs solve most of it in under 10 minutes instead of taking the full day. Our recipe was surprisingly simple: Teach AI agents to self-plan their investigation steps, adapt their plans to new information, work with the SIEM DB, and reason about log dumps. No exotic models, no massive lab budgets - just publicly available LLMs mixed with a bit of science and perseverance. We'll walk through how that works, including videos of the many ways AI trips itself up that marketers would rather hide, and how to do it at home with free and open-source tools. CTF organizers can't detect this - the arms race is probably over before it really began. But the real question isn't "can we cheat at CTFs?" It's what happens when investigations evolve from analysts-who-investigate to analysts-who-manage-AI-investigators. We'll show you what that transition already looks like today and peek into some uncomfortable questions about what comes next.
Sophia Longwe
Abbreviations such as WSIS+20, IGF, IETF, DIEM, ICANN, PDP, ITU or W3C regularly appear in discussions about the Internet, yet often remain vague. This talk provides an update on the current state of Internet governance and explains why decisions made in United Nations processes have direct implications for technical standards, digital infrastructure, and power asymmetries.
Mikolai Gütschow, signum
Willkommen in der Zukunft: Beim LUG Camp in Wipperfürth und bei den Datenspuren in Dresden wurde digital bezahlt - mit GNU Taler als Event-Bezahlsystem. Noch einfacher als Bargeld, billiger als Kartenzahlung und ohne Eingriff in die Privatsphäre der Besucher*innen. Wir zeigen euch, wie auch ihr das bei eurer nächsten (Chaos-)Veranstaltung anbieten könnt!
Rike, Moritz Leiner
Der Hype um generative KI und die Gasindustrie bilden in Zeiten der Klimakrise eine bedrohliche Allianz für die Zukunft des Planeten.
David, LK Seiling
We explore what happens when Europe’s ambitious data access laws meet the messy realities of studying major digital platforms. Using YouTube as a central case, we show how the European Union’s efforts to promote transparency through the GDPR, the Digital Services Act (DSA), and the Digital Markets Act (DMA) are reshaping the possibilities and limits of independent platform research. At the heart of the discussion is a paradox: while these laws promise unprecedented access to the data that shape our digital lives, the information researchers and citizens actually receive is often incomplete, inconsistent, and difficult to interpret. In this talk, we take a close look at data donations from over a thousand Danish YouTube users, which at first glance did not reveal neat insights but sprawling file structures filled with cryptic data points. Still, if the work is put in, these digital traces offer glimpses of engagement and attention, and help us understand what users truly encountered or how the platform influenced their experiences. The talk situates this challenge within a broader European context, showing how data access mechanisms are set up in ways that strengthen existing power imbalances. Application processes for research data vary widely, requests are rejected or delayed without clear justification, and the datasets that do arrive frequently lack the granularity required for meaningful analysis. Yet the picture is not purely bleak. Citizens, researchers, and civil society already have multiple legal levers to demand greater transparency and accountability. The fundamental question is no longer whether democratic oversight is possible, but how we can use the tools at hand to make it real.
Patch, Sam. Beaumont (PANTH13R)
Stored memory in hardware has had a long history of being influenced by light, by design. For instance, as memory is represented by the series of transistors, and their physical state represents 1's and 0's, original EPROM memory could be erased via the utilization of UV light, in preparation for flashing new memory. Naturally, whilst useful, this has proven to be an avenue of opportunity to be leveraged by attackers, allowing them to selectively influence memory via a host of optical/light-based techniques. As chips became more advanced, the usage of opaque resin was used as a "temporary" measure to combat this flaw, by coating chips in a material that would reflect UV. Present day opinions are that laser (or light) based hardware attacks, are something that only nation state actors are capable of doing Currently, sophisticated hardware labs use expensive, high frequency IR beams to penetrate the resin. This project demonstrates that with a limited budget and hacker-and-maker mentality and by leveraging more inexpensive technology alternatives, we implement a tool that does laser fault injection, can detect hardware malware, detect supply chain chip replacements, and delve into the realm of laser logic state imaging.
Trikkitt
Keeping old projects working can be an uphill battle. This talk explores how the laser tag system Q-Zar (Quasar in the UK) has been kept alive since the company behind it failed in the 90s. The challenges encountered, the lessons learnt, and how those can be applied to our own future projects to maximise the project lifetime.
SwaP
Wolfspelz
quintessence (she/her)
This workshop is to establish a longer term working group that will threat model and abusability test (different from abuse test) common open source governance and community frameworks. The primary focus of this session is for Phase 1 preparation: communications norms around this project.
Birdy1976
fluorescent_beige, Liam
We will give a brief introduction to the Reticulum Network Stack and announce what is new in 2025: - Reticulum will soon be available in Rust, which will allow users of embedded systems a better performance. - The new Reticulum BLE Interface enables the creation of autonomous mesh networks without any further hardware or central server. The interface can be used on Linux and Android. - The Columba App for Reticulum lowers the barrier of entry for using Reticulum.
Joshua Davila
What would it look like to build financial infrastructure for solidarity rather than speculation? While blockchain technology has largely been captured by libertarian and extractive market logic, it certainly does not need to be that way. In this talk, we'll explore Solidarity Primitives, development and architectural design patterns designed to forge economic solidarity between individuals and collectives. Drawing from our work at Bread Cooperative and research I've documented through my podcast, The Blockchain Socialist, we'll examine concrete examples like the BREAD community token, savings circles implementation, and the Solidarity Fund mechanisms that enable participatory funding without relying on venture capital or traditional financial intermediaries. We'll discuss how these primitives address a critical gap: the technical and coordination barriers that have historically made alternative economic models difficult to implement at scale. From worker cooperatives to mutual aid networks, the infrastructure simply hasn't existed. Peer-to-peer technologies can change that but only if designed with solidarity, not profit maximization, as the core principle. This talk is for anyone interested in the practical dimensions of building a post-capitalist economy: what does it actually look like to write code for collective autonomy? How do we ensure decentralized systems serve communities rather than concentrating power?
Lucas Werkmeister
In this presentation, we’ll take a quick look at lots of different applications that use Wikidata data.
Tommi
Most people and organizations have their very own way of acquiring, organizing, archiving, sharing, and collaborating on knowledge repositories. A broad spectrum of opinions and approaches resulted in a diverse and rich ecosystem of knowledge management solutions. Nevertheless, this also implies scattered and disconnected knowledge sources. What would it mean to build bridges among wikis and federate knowledge?
Pascal4F
Wir sind vom Nebelhorn Podcast der Scientists for Future in Hamburg und führen in unregelmäßigen Abständen Interviews, meist zu Klima und Gesellschaft. Je nach Gelegenheit werden wir auf dem 39c3 ein kleines Interview oder eine Hinter-den-Kulissen Sonderfolge aufnehmen. https://nebelhorn.podigee.io/
Volker
Die **Sicherheits_lücke** (https://sicherheitsluecke.fm) greift aktuelle Ereignisse und Trends der Cybersecurity auf. Im Podcast werden die Themen - gerne auch mal humoristisch, sarkastisch oder selbstironisch - von Volker Skwarek, Monina Schwarz und Ingo Timm mit Tiefgang aufbereitet. Mit dem Format **live** ist der Podcast auch regelmäßig auf Kongressen zu finden und diskutiert interessante Vorträge mit ausgewählten Gästen.