Theme
Conference my congress Visitors
You must be logged in to use the filter favorited.
You must be logged in to use the filter favorited.

Schedule

Theme
Der Hub wird spätestens Ende Januar archiviert, alle nutzerbezogenen Inhalte, Boards und auch einige Wiki-Seiten werden dabei entfernt. Alle öffentlichen Assemblies, Projekte und Veranstaltungen bleiben. // The hub will be archived by end of January. All user-provided content, boards and several wiki pages will be deleted. All public assemblies, projects and events will remain.
Schedule
all curated only assembly only self_organized only
Day 1 Day 2 Day 3 Day 4
recorded only not recorded only
Tracks
CCC & Community Hardware Security Art & Beauty Ethics, Society & Politics Science Live Performance DJ-Set Entertainment Clear track filter

 

Day 4
11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

One
Asahi Linux - Porting Linux to Apple Silicon (en)

sven

In this talk, you will learn how Apple Silicon hardware differs from regular laptops or desktops. We'll cover how we reverse engineered the hardware without staring at disassembly but by using a thin hypervisor that traces all MMIO access and then wrote Linux drivers. We'll also talk about how upstreaming to the Linux kernel works and how we've significantly decreased our downstream patches in the past year. As an example, we will use support for the Type-C ports and go into details why these are so complex and required changes across multi subsystems. In the end, we'll briefly talk about M3/M4/M5 and what challenges we will have to overcome to get these supported.
Security of Cardiac Implantable Electronic Devices (en)

dilucide

Cardiac Implantable Electronic Devices (CIED), such as cardiac pacemakers and defibrillators, are a fairly niche target for security researchers, in part due to a lack of manufacturer cooperation and device accessibility. This talk aims to provide insights into the challenges in device development and methods with which to research device security. Data accessibility to patients will be touched upon.
Breaking BOTS: Cheating at Blue Team CTFs with AI Speed-Runs (en)

Leo Meyerovich, Sindre Breda

After we announced our results, CTFs like Splunk's Boss of the SOC (BOTS) started prohibiting AI agents. For science & profit, we keep doing it anyways. In BOTS, the AIs solve most of it in under 10 minutes instead of taking the full day. Our recipe was surprisingly simple: Teach AI agents to self-plan their investigation steps, adapt their plans to new information, work with the SIEM DB, and reason about log dumps. No exotic models, no massive lab budgets - just publicly available LLMs mixed with a bit of science and perseverance. We'll walk through how that works, including videos of the many ways AI trips itself up that marketers would rather hide, and how to do it at home with free and open-source tools. CTF organizers can't detect this - the arms race is probably over before it really began. But the real question isn't "can we cheat at CTFs?" It's what happens when investigations evolve from analysts-who-investigate to analysts-who-manage-AI-investigators. We'll show you what that transition already looks like today and peek into some uncomfortable questions about what comes next.

Fuse
Laser Beams & Light Streams: Letting Hackers Go Pew Pew, Building Affordable Light-Based Hardware Security Tooling (en)

Patch, Sam. Beaumont (PANTH13R)

Stored memory in hardware has had a long history of being influenced by light, by design. For instance, as memory is represented by the series of transistors, and their physical state represents 1's and 0's, original EPROM memory could be erased via the utilization of UV light, in preparation for flashing new memory. Naturally, whilst useful, this has proven to be an avenue of opportunity to be leveraged by attackers, allowing them to selectively influence memory via a host of optical/light-based techniques. As chips became more advanced, the usage of opaque resin was used as a "temporary" measure to combat this flaw, by coating chips in a material that would reflect UV. Present day opinions are that laser (or light) based hardware attacks, are something that only nation state actors are capable of doing Currently, sophisticated hardware labs use expensive, high frequency IR beams to penetrate the resin. This project demonstrates that with a limited budget and hacker-and-maker mentality and by leveraging more inexpensive technology alternatives, we implement a tool that does laser fault injection, can detect hardware malware, detect supply chain chip replacements, and delve into the realm of laser logic state imaging.
Battling Obsolescence – Keeping an 80s laser tag system alive (en)

Trikkitt

Keeping old projects working can be an uphill battle. This talk explores how the laser tag system Q-Zar (Quasar in the UK) has been kept alive since the company behind it failed in the 90s. The challenges encountered, the lessons learnt, and how those can be applied to our own future projects to maximise the project lifetime.