Theme
Conference my congress Visitors
You must be logged in to use the filter favorited.
You must be logged in to use the filter favorited.

Schedule

Theme
Der Hub wird spätestens Ende Januar archiviert, alle nutzerbezogenen Inhalte, Boards und auch einige Wiki-Seiten werden dabei entfernt. Alle öffentlichen Assemblies, Projekte und Veranstaltungen bleiben. // The hub will be archived by end of January. All user-provided content, boards and several wiki pages will be deleted. All public assemblies, projects and events will remain.
Schedule
all curated only assembly only self_organized only
Day 1 Day 2 Day 3 Day 4
recorded only not recorded only
Tracks
CCC & Community Hardware Security Art & Beauty Ethics, Society & Politics Science Live Performance DJ-Set Entertainment Clear track filter

 

Day 1
10:00

10:30

11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

00:00

00:30

01:00

01:30

02:00

02:30

03:00

03:30

04:00

04:30

05:00

05:30
Day 2
06:00

06:30

07:00

07:30

08:00

08:30

09:00

09:30

10:00

10:30

11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

00:00

00:30

01:00

01:30

02:00

02:30

03:00

03:30

04:00

04:30

05:00

05:30
Day 3
06:00

06:30

07:00

07:30

08:00

08:30

09:00

09:30

10:00

10:30

11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

00:00

00:30

01:00

01:30

02:00

02:30

03:00

03:30

04:00

04:30

05:00

05:30
Day 4
06:00

06:30

07:00

07:30

08:00

08:30

09:00

09:30

10:00

10:30

11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

00:00

00:30

01:00

01:30

02:00

02:30

03:00

03:30

04:00

04:30

05:00

05:30

One
Opening Ceremony (de)

pajowu, Stella

Power On! Lasst uns gemeinsam an diesem magischen Ort ankommen und alles vorbereiten, um die nächsten vier Tage in einer fröhlich-kreativen, fantastischen Wunderwelt zu verbringen und Kraft zu tanken.
Zentrum für Politische Schönheit: Ein Jahr Adenauer SRP+ und der Walter Lübcke Memorial Park (en)

Stefan Pelzer, Philipp Ruch

Es ist genau ein Jahr her, dass der Adenauer SRP+ in der Halle des 38C3 stand. Damals war er noch eine Baustelle, aber schon bald machte er sich auf den Weg, um Geschichte zu schreiben. Wir nehmen euch mit auf eine Reise: von Blockade über Protest, von Sommerinterviews bis zu Polizeischikanen lassen wir ein Jahr Adenauer SRP+ Revue passieren. Das könnte lustig werden. Außerdem: alles zum Walter Lübcke-Memorial-Park, den wir gerade direkt vor die CDU-Zentrale gebaut haben. Owei owei: Das wird viel für 40 Minuten.
Opening pAMDora's box and unleashing a thousand paths on the journey to play Beatsaber custom songs (en)

tihmstar

While trying to apply fault injection to the AMD Platform Security Processor with unusual (self-imposed) requirements/restrictions, it were software bugs which stopped initial glitching attempts. Once discovered, the software bug was used as an entry to explore the target, which in turn lead to uncovering (and exploiting) more and more bugs, ending up in EL3 of the most secure core on the chip. This talk is about the story of trying to glitch the AMD Platform Security Processor, then accidentally discovering several bugs and getting a good look inside the target, before returning to trying to hammer it with novel physical strategies.
All my Deutschlandtickets gone: Fraud at an industrial scale (en)

Q Misell, 551724 / maya boeckh

The Deutschlandticket was the flagship transport policy of the last government, rolled out in an impressive timescale for a political project; but this speed came with a cost - a system ripe for fraud at an industrial scale. German public transport is famously decentralised, with thousands of individual companies involved in ticketing and operations. Unifying all of these under one national, secure, system has proven a challenge too far for politicians. The end result: losses in the hundreds of millions of Euros, compensated to the transport companies from state and federal budgets to keep the system afloat, and nobody willing to take responsibility. This talk will cover the political, policy, and technical mistakes that lead to this mess; how we can learn from these mistakes; and what we can do to ensure the Deutschlandticket has a viable future.
To sign or not to sign: Practical vulnerabilities in GPG & friends (en)

49016, Liam

Might contain zerodays. https://gpg.fail/ From secure communications to software updates: PGP implementations such as *GnuPG* ubiquitously relied on to provide cryptographic assurances. Many applications from secure communications to software updates fundamentally rely on these utilities. Since these have been developed for decades, one might expect mature codebases, a multitude of code audit reports, and extensive continuous testing. When looking into various PGP-related codebases for some personal use cases, we found these expectations not met, and discovered multiple vulnerabilities in cryptographic utilities, namely in *GnuPG*, *Sequoia PGP*, *age*, and *minisign*. The vulnerabilities have implementation bugs at their core, for example in parsing code, rather than bugs in the mathematics of the cryptography itself. A vulnerability in a parser could for example lead to a confusion about what data was actually signed, allowing attackers without the private key of the signer to swap the plain text. As we initially did not start with the intent of conducting security research, but rather were looking into understanding some internals of key management and signatures for personal use, we also discuss the process of uncovering these bugs. Furthermore, we touch on the role of the OpenPGP specification, and the disclosure process.
Die Känguru-Rebellion: Digital Independence Day (de)

Marc-Uwe Kling, Linus Neumann

Marc-Uwe Kling liest neues vom Känguru vor.
Bluetooth Headphone Jacking: A Key to Your Phone (en)

Dennis Heinze, Frieder Steinmetz

Bluetooth headphones and earbuds are everywhere, and we were wondering what attackers could abuse them for. Sure, they can probably do things like finding out what the person is currently listening to. But what else? During our research we discovered three vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in popular Bluetooth audio chips developed by Airoha. These chips are used by many popular device manufacturers in numerous Bluetooth headphones and earbuds. The identified vulnerabilities may allow a complete device compromise. We demonstrate the immediate impact using a pair of current-generation headphones. We also demonstrate how a compromised Bluetooth peripheral can be abused to attack paired devices, like smartphones, due to their trust relationship with the peripheral. This presentation will give an overview over the vulnerabilities and a demonstration and discussion of their impact. We also generalize these findings and discuss the impact of compromised Bluetooth peripherals in general. At the end, we briefly discuss the difficulties in the disclosure and patching process. Along with the talk, we will release tooling for users to check whether their devices are affected and for other researchers to continue looking into Airoha-based devices. Examples of affected vendors and devices are Sony (e.g., WH1000-XM5, WH1000-XM6, WF-1000XM5), Marshall (e.g. Major V, Minor IV), Beyerdynamic (e.g. AMIRON 300), or Jabra (e.g. Elite 8 Active).
Protecting the network data of one billion people: Breaking network crypto in popular Chinese mobile apps (en)

Mona

In this talk, I will describe how my team and I systematically exploited around a dozen home-rolled network encryption protocols used by popular mobile apps like RedNote, Alipay, and some of the most popular mobile browsers in China to encrypt sensitive information. I'll demonstrate how network eavesdroppers could access users' browsing history and mobile activity. This is a systemic issue; despite our work on the above protocols and the resulting vulnerability disclosures, this plague of home-rolled and proprietary encryption is still at large. I will end by discussing how we got here, re-affirm the age-old adage, “Don’t roll your own crypto!”, and call on hackers around the world to help us move towards HTTPS everywhere.
Skynet Starter Kit: From Embodied AI Jailbreak to Remote Takeover of Humanoid Robots (en)

Shipei Qu, Zikai Xu, Xuangan Xiao

We present a comprehensive security assessment of Unitree's robotic ecosystem. We identified and exploited multiple security flaws across multiple communication channels, including Bluetooth, LoRa radio, WebRTC, and cloud management services. Besides pwning multiple traditional binary or web vulnerabilities, we also exploit the embodied AI agent in the robots, performing prompt injection and achieve root-level remote code execution. Furthermore, we leverage a flaw in cloud management services to take over any Unitree G1 robot connected to the Internet. By deobfuscating and patching the customized, VM-based obfuscated binaries, we successfully unlocked forbidden robotic movements restricted by the vendor firmware on consumer models such as the G1 AIR. We hope our findings could offer a roadmap for manufacturers to strengthen robotic designs, while arming researchers and consumers with critical knowledge to assess security in next-generation robotic systems.
CCC-Jahresrückblick (de)

Constanze Kurz, khaleesi, Matthias Marx, Linus Neumann, erdgeist

Das war nicht das Jahr 2025, das wir bestellt hatten.
freiheit.exe - Utopien als Malware (de)

Christiane Mudra

"freiheit.exe“ ist eine Lecture über die ideologischen Rootkits des Silicon Valley. Sie schlägt den Bogen von den italienischen Futuristen zu den heutigen Tech-Feudalisten, vom Akzelerationismus zur Demokratieskepsis der Libertären, von Tolkien zur PayPal-Mafia. Basierend auf den Recherchen zu meinem Theaterstück "freiheit.exe. Utopien als Malware", in dem journalistische Analyse auf performative Darstellung trifft.
Verlorene Domains, offene Türen - Was alte Behördendomains verraten (de)

Tim Philipp Schäfers (TPS)

Was passiert, wenn staatliche Domains auslaufen - und plötzlich jemand anderes sie besitzt? In diesem Vortrag wird berichtet, wie mehrere ehemals offizielle, aber unregistrierte Domains deutscher Bundesministerien und Behörden erworben werden konnten - und welche Datenströme dadurch sichtbar wurden. Über Monate hinweg konnten so DNS-Anfragen aus Netzen des Bundes empfangen werden - ein erhebliches Sicherheitsrisiko. Unter anderem da es so möglich war Accounts zu übernehmen, Validierungen von E-Mailsignaturen zu manipulieren, Anfrage umzuleiten und im Extremfall Code auf Systemen auszuführen. (Keine sensiblen Daten werden veröffentlicht; der Fokus liegt auf Forschung, Aufklärung und verantwortungsvollem Umgang mit den Ergebnissen.)
Don’t look up: There are sensitive internal links in the clear on GEO satellites (en)

Nadia Heninger, Annie Dai

We pointed a commercial-off-the-shelf satellite dish at the sky and examined all of the geostationary satellite communications visible from our vantage point. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks.
Code to Craft: Procedural Generation for the Physical World (en)

bleeptrack

Join bleeptrack for a deep dive into the fascinating world of procedural generation beyond the screen. From stickers and paper lanterns to PCBs, furniture, and even physical procedural generators, this talk explores the challenges and creative possibilities of bringing generative projects into tangible form.
Schlechte Karten - IT-Sicherheit im Jahr null der ePA für alle (de)

Bianca Kastl

Seit Mitte 2025 steht die elektronische Patientenakte für alle zur Verfügung – nach ein paar kleineren oder größeren Sicherheitsproblemen im Vorfeld, sei es vor einem Jahr auf dem 38C3 oder Ende April zum deutschlandweiten Start. Zeit ein Fazit zu ziehen: Ist die ePA jetzt sicher? Wurden nachhaltige Veränderungen durchgeführt, die zu mehr Sicherheit führen? Kann der Umgang mit der IT-Sicherheit «eines der größten IT-Projekte der Bundesrepublik» für zukünftige Digitalprojekte hilfreich sein? Zeit, mit etwas Abstand auf das zu blicken, was war, was ist und was sich abzeichnet nicht nur bei der ePA, sondern auch beim Umgang mit IT-Sicherheit bei ähnlichen Vorhaben in Deutschland. Eine umfassende Analyse der Historie und der Ursachen einer der weitreichendsten Fehlentwicklungen im Bereich der IT-Sicherheit der letzten Jahre, die sich in weit mehr zeigt, als nur in schlechter Prüfung der Anwesenheit von Gesundheitskarten im Gesundheitswesen.
10 years of Dieselgate (en)

Felix Domke, Karsten Burger

Let's have a (hopefully) final look at Diesel emission cheating. This technical talk summarizes what I learned by reverse-engineering dozens of engine ECU software, how I found and characterized "interesting logic" which, more often than not, ended up being a court-approved "defeat device". What started as a "curious investigation" in 2015 to obtain a ground truth to widespread media reports of "VW being caught for cheating" ended up as a full-blown journey through the then-current state of the Diesel car industry. In this talk, Karsten and Felix will walk through the different implementation of defeat devices, their impact on emissions, and the challenges in documenting seemingly black boxes in court-proven expert reports.
Rowhammer in the Wild: Large-Scale Insights from FlippyR.AM (en)

Martin Heckel, Florian Adamsky, Daniel Gruss

Last year at 38c3, we gave a talk titled "Ten Years of Rowhammer: A Retrospect (and Path to the Future)." In this talk, we summarized 10 years of Rowhammer research and highlighted gaps in our understanding. For instance, although nearly all DRAM generations from DDR3 to DDR5 are vulnerable to the Rowhammer effect, we still do not know its real-world prevalence. For that reason, we invited everyone at 38c3 last year to participate in our large-scale Rowhammer prevalence study. In this year's talk, we will first provide an update on Rowhammer research and present our results from that study. A lot has happened in Rowhammer research in 2025. We have evidence that DDR5 is as vulnerable to Rowhammer as previous generations. Other research shows that not only can adversaries target rows, but columns can also be addressed and used for bit flips. Browser-based Rowhammer attacks are back on the table with Posthammer and with ECC. fail, we can mount Rowhammer attacks on DDR4 with ECC memory. In our large-scale study, we measure Rowhammer prevalence in a fully automated cross-platform framework, FlippyR.AM, using the available state-of-the-art software-based DRAM and Rowhammer tools. Our framework automatically gathers information about the DRAM and uses 5 tools to reverse-engineer the DRAM addressing functions, and based on the reverse-engineered functions, uses 7 tools to mount Rowhammer. We distributed the framework online and via USB thumb drives to thousands of participants from December 30, 2024, to June 30, 2025. Overall, we collected 1006 datasets from 822 systems with various CPUs, DRAM generations, and vendors. Our study reveals that out of 1006 datasets, 453 (371 of the 822 unique systems) succeeded in the first stage of reverse-engineering the DRAM addressing functions, indicating that successfully and reliably recovering DRAM addressing functions remains a significant open problem. In the second stage, 126 (12.5 % of all datasets) exhibited bit flips in our fully automated Rowhammer attacks. Our results show that fully automated, i.e., weaponizable, Rowhammer attacks work on a lower share of systems than FPGA-based and lab experiments indicated, but at 12.5%, are still a practical vector for threat actors. Furthermore, our results highlight that the two most pressing research challenges around Rowhammer exploitability are more reliable reverse-engineering tools for DRAM addressing functions, as 50 % of datasets without bit flips failed in the DRAM reverse-engineering stage, and reliable Rowhammer attacks across diverse processor microarchitectures, as only 12.5 % of datasets contained bit flips. Addressing each of these challenges could double the number of systems susceptible to Rowhammer and make Rowhammer a more pressing threat in real-world scenarios.
Security of Cardiac Implantable Electronic Devices (en)

dilucide

Cardiac Implantable Electronic Devices (CIED), such as cardiac pacemakers and defibrillators, are a fairly niche target for security researchers, in part due to a lack of manufacturer cooperation and device accessibility. This talk aims to provide insights into the challenges in device development and methods with which to research device security. Data accessibility to patients will be touched upon.
Breaking BOTS: Cheating at Blue Team CTFs with AI Speed-Runs (en)

Leo Meyerovich, Sindre Breda

After we announced our results, CTFs like Splunk's Boss of the SOC (BOTS) started prohibiting AI agents. For science & profit, we keep doing it anyways. In BOTS, the AIs solve most of it in under 10 minutes instead of taking the full day. Our recipe was surprisingly simple: Teach AI agents to self-plan their investigation steps, adapt their plans to new information, work with the SIEM DB, and reason about log dumps. No exotic models, no massive lab budgets - just publicly available LLMs mixed with a bit of science and perseverance. We'll walk through how that works, including videos of the many ways AI trips itself up that marketers would rather hide, and how to do it at home with free and open-source tools. CTF organizers can't detect this - the arms race is probably over before it really began. But the real question isn't "can we cheat at CTFs?" It's what happens when investigations evolve from analysts-who-investigate to analysts-who-manage-AI-investigators. We'll show you what that transition already looks like today and peek into some uncomfortable questions about what comes next.
Security Nightmares (de)

Constanze Kurz, Ron

Was hat sich im Jahr 2025 im Bereich IT-Sicherheit getan? Welche neuen Methoden, Buzzwords und Trends waren zu sehen? Was waren die fiesesten Angriffe und die teuersten Fehler?
Closing Ceremony (de)

Stella, pajowu

Power off! Nach vier wunderbaren Tagen kommt der Congress nun langsam zum Ende. Lasst uns zurückblicken, die Eindrücke sortieren und diese inspirierte Stimmung nach draußen tragen.

Ground
The art of text (rendering) (en)

Nicolas Rougier

Typography is the art of arranging type to make written language legible, readable, and appealing when displayed. However, for the neophyte, typography is mostly apprehended as the juxtaposition of characters displayed on the screen while for the expert, typography means typeface, scripts, unicode, glyphs, ascender, descender, tracking, hinting, kerning, shaping, weigth, slant, etc. Typography is actually much more than the mere rendering of glyphs and involves many different concepts. If glyph rendering is an important part of the rendering pipeline, it is nonetheless important to have a basic understanding of typography or there’s a known risk at rendering garbage on screen, as it has been seen many times in games, software and operating systems.
Chaos macht Küche (de)

Ingwer Andersen

Ihr macht eine Veranstaltung für viele Menschen? Dann haben viele Menschen auch viel Hunger. Jetzt wird euch gezeigt wie man für viele (mehr als 75) Menschen Essen zubereitet. Es braucht nur etwas Vorbereitung und Motivation!
Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot (en)

stacksmashing, nsr

In August 2024, Raspberry Pi released their newest MCU: The RP2350. Alongside the chip, they also released the RP2350 Hacking Challenge: A public call to break the secure boot implementation of the RP2350. This challenge concluded in January 2025 and led to five exciting attacks discovered by different individuals. In this talk, we will provide a technical deep dive in the RP2350 security architecture and highlight the different attacks. Afterwards, we talk about two of the breaks in detail---each of them found by one of the speakers. In particular, we first discuss how fault injection can force an unverified vector boot, completely bypassing secure boot. Then, we showcase how double glitches enable direct readout of sensitive secrets stored in the one-time programmable memory of the RP2350. Last, we discuss the mitigation of the attacks implemented in the new revision of the chip and the lessons we learned while solving the RP2350 security challenge. Regardless of chip designer, manufacturer, hobbyist, tinkerer, or hacker: this talk will provide valuable insights for everyone and showcase why security through transparency is awesome.
Junghacker:innentag Einführung (de)

Zu unserer Freude haben sich in den letzten Jahren immer mehr Junghacker:innen auf dem Congress eingefunden. Daher bieten wir auch diesmal, wie schon in den Vorjahren, einen speziell auf Kinder und Jugendliche zugeschnittenen Junghacker:innentag an. Am zweiten Congresstag, dem 28. Dezember 2024, organisieren Freiwillige aus vielen Assemblies von etwa 10 bis 17 Uhr ein vielseitiges Workshop-Programm für angehende Hacker:innen.
Persist, resist, stitch (en)

Philo

What does knitting have to do with espionage? Can embroidery help your mental health? This talk shows how the skills to create textile art have enabled people to resist and to persist under oppressive regimes for centuries. And it offers ways to keep doing so.
CSS Clicker Training: Making games in a "styling" language (en)

Lyra Rebane

CSS is a programming language, and you can make games in it. Let's install NoScript and make some together!
51 Ways to Spell the Image Giraffe: The Hidden Politics of Token Languages in Generative AI (en)

Ting-Chun Liu, Leon-Etienne Kühr

Generative AI models don't operate on human languages – they speak in **tokens**. Tokens are computational fragments that deconstruct language into subword units, stored in large dictionaries. These tokens encode not only language but also political ideologies, corporate interests, and cultural biases even before model training begins. Social media handles like *realdonaldtrump*, brand names like *louisvuitton*, or even *!!!!!!!!!!!!!!!!* exist as single tokens, while other words remain fragmented. Through various artistic and adversarial experiments, we demonstrate that tokenization is a political act that determines what can be represented and how images become computable through language.
Azubi-Tag Einführung (de)

Jedes Jahr zwischen Weihnachten und Neujahr treffen sich tausende Hacker*innen zum Chaos Communication Congress in Hamburg. Der Azubi-Tag ist eine günstige Gelegenheit für Auszubildende, den Congress zu besuchen, den CCC kennenzulernen und viel über IT-Security, Technik und Gesellschaft zu lernen. Wir freuen uns, diesen Tag nun zum dritten Mal anbieten zu können.
a media-almost-archaeology on data that is too dirty for "AI" (en)

jiawen uffline

when datasets are scaled up to the volume of (partial) internet, together with the idea that scale will average out the noise, large dataset builders came up with a human-not-in-the-loop, cheaper-than-cheap-labor method to clean the datasets: heuristic filtering. Heuristics in this context are basically a set of rules came up by the engineers with their imagination and estimation to work best for their perspective of “cleaning”. Most datasets use heuristics adopted from existing ones, then add some extra filtering rules for specific characteristics of the datasets. I would like to invite you to have a taste together of these silent, anonymous yet upheld estimations and not-guaranteed rationalities in current sociotechnical artifacts, and on for whom these estimations are good-enough, as it will soon be part our technological infrastructures.
Teckids – eine verstehbare (digitale) Welt (de)

Keno, Darius Auding

Die Teckids-Gemeinschaft bringt Kinder, Jugendliche und Erwachsene zusammen, um gemeinsam aktiv für eine verstehbare (digitale) Welt zu sein.
There is NO WAY we ended up getting arrested for this (Malta edition) (en)

mixy1, Luke Bjorn Scerri, girogio

3 years ago, 3 Maltese students were arrested and charged with computer misuse after disclosing a vulnerability to a local company that developed a mobile app for students. Through persistent media pressure, the students managed to obtain a presidential pardon to drop the case and funding for their lawyers. However, through this journey, there were mentions of punishment for retaliating through media disclosure. The story has not concluded, and there will be no amendments to the Maltese computer misuse law for the foreseeable future.
Set-top box Hacking: freeing the 'Freebox' (en)

Frédéric Hoguin

The French ISP 'Free' was the first to introduce a set-top box in France in 2002, named the Freebox. Four years later, the fifth version of the Freebox was released and distributed to customers. It comprises two devices: a router, and a PVR called the Freebox HD, both running Linux. The Freebox HD had innovative features at the time, such as live television control and HD capabilities. Such a device has a lot of potential for running homebrew, so I decided to hack it. I present how I got arbitrary code execution on the Freebox HD and then root privileges, using a chain of two 0-day exploits, one of which is in the Linux kernel. I then analyze the device, run homebrew software, and explain the structure of the ISP's private network that I uncovered while exploring the device.
Build a Fake Phone, Find Real Bugs: Qualcomm GPU Emulation and Fuzzing with LibAFL QEMU (en)

Romain Malmain

Mobile phones are central to everyday life: we communicate, entertain ourselves, and keep vast swaths of our digital lives on them. That ubiquity makes high-risk groups such as journalists, activists, and dissidents prime targets for sophisticated spyware that exploits device vulnerabilities. On Android devices, GPU drivers have repeatedly served as the final escalation vector into the kernel. To study and mitigate that risk, we undertook a research project to virtualize the Qualcomm Android kernel and the KGSL graphics driver from scratch in QEMU. This new environment enables deep debugging, efficient coverage collection, and large-scale fuzzing across server farms, instead of relying on a handful of preproduction devices. This talk will highlight the technical aspects of our research, starting with the steps required to boot the Qualcomm mobile kernel in QEMU, all the way up to the partial emulation of the GPU. Then, we will present how we moved from our emulation prototype to a full-fledged fuzzer based on LibAFL QEMU.
Von Groschen und SpurLos - GNU Taler auch auf eurem Event! (de)

Mikolai Gütschow, signum

Willkommen in der Zukunft: Beim LUG Camp in Wipperfürth und bei den Datenspuren in Dresden wurde digital bezahlt - mit GNU Taler als Event-Bezahlsystem. Noch einfacher als Bargeld, billiger als Kartenzahlung und ohne Eingriff in die Privatsphäre der Besucher*innen. Wir zeigen euch, wie auch ihr das bei eurer nächsten (Chaos-)Veranstaltung anbieten könnt!

Zero
A Tale of Two Leaks: How Hackers Breached the Great Firewall of China (en)

Jade Sheffey

The Great Firewall of China (GFW) is one of, if not arguably the most advanced Internet censorship systems in the world. Because repressive governments generally do not simply publish their censorship rules, the task of determining exactly what is and isn’t allowed falls upon the censorship measurement community, who run experiments over censored networks. In this talk, we’ll discuss two ways censorship measurement has evolved from passive experimentation to active attacks against the Great Firewall.
KIM 1.5: Noch mehr Kaos In der Medizinischen Telematikinfrastruktur (TI) (de)

Christoph Saatjohann

Zwei Jahre nach dem ersten KIM-Vortrag auf dem 37C3: Die gezeigten Schwachstellen wurden inzwischen geschlossen. Weiterhin können mit dem aktuellen KIM 1.5+ nun große Dateien bis 500 MB übertragen werden, das Signaturhandling wurde für die Nutzenden vereinfacht, indem die Detailinformationen der Signatur nicht mehr einsehbar sind. Aber ist das System jetzt sicher oder gibt es neue Probleme?
1965 + 60 Years of Algorithmic Art with Computers (en)

Enna Gerhard, Frieder Nake

What power structures are inherent to the field of computer-generated art? In the year 1965, so 60 years ago, the first three exhibitions of art created with the help of computers took place - in part independently of each other. We want to present the interesting aspects of developments since then and discuss them with Frieder Nake, one of the people who exhibited in those very beginnings and followed those developments with a critical attitude.
BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets (en)

Alon Leviev

This talk reveals our in-depth vulnerability research on the Windows Recovery Environment (WinRE) and its implications for BitLocker, Windows’ cornerstone for data protection. We will walk through the research methodology, uncover new 0-day vulnerabilities, and showcase full-chain exploitations that enabled us to bypass BitLocker and extract all the protected data in several different ways. This talk goes beyond theory - as each vulnerability will be accompanied by a demo video showcasing the complete exploitation chain. To conclude the talk, we will share Microsoft’s key takeaways from this research and outline our approach to hardening WinRE and BitLocker.
Building a NOC from scratch (de)

lilly

Learn from our mistakes during the first iteration of Network Operations for Europe's largest furry convention, Eurofurence. Dieses Jahr hat ein kleines Team aus dem Chaos, Furries und Chaos-Furries ein neues Netzwerk-OC gegründet, um die Eurofurence mit gutem premium 👌 Internetz auszustatten. Wir erzählen von unseren Erfahrungen und den sozialen sowie technischen Herausforderungen.
Lightning Talks - Tag 2 (de)

Bonnie, keldo, Andi Bräu

Lightning Talks - Tag 2
Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents (en)

Johann Rehberger

This talk demonstrates end-to-end prompt injection exploits that compromise agentic systems. Specifically, we will discuss exploits that target computer-use and coding agents, such as Anthropic's Claude Code, GitHub Copilot, Google Jules, Devin AI, ChatGPT Operator, Amazon Q, AWS Kiro, and others. Exploits will impact confidentiality, system integrity, and the future of AI-driven automation, including remote code execution, exfiltration of sensitive information such as access tokens, and even joining Agents to traditional command and control infrastructure. Which are known as "ZombAIs", a term first coined by the presenter as well as long-term prompt injection persistence in AI coding agents. Additionally, we will explore how nation state TTPs such as ClickFix apply to Computer-Use systems and how they can trick AI systems and lead to full system compromise (AI ClickFix). Finally, we will cover current mitigation strategies and forward-looking recommendations and strategic thoughts.
Variable Fonts — It Was Never About File Size (en)

Bernd

A brief history of typographic misbehavior or intended and unintended uses of variable fonts. Nine years after the introduction of variable fonts, their most exciting uses have little to do with what variable fonts originally were intended for and their original promise of smaller file sizes. The talk looks at how designers turned a pragmatic font format into a field for experimentation — from animated typography and uniwidth button text to pattern fonts and typographic side effects with unintended aesthetics. Using examples from projects such as TypoLabs, Marjoree, Kario (the variable font that’s used as part of the 39C3 visual identity), and Bronco, we’ll explore how variable fonts evolved from efficiency tools into creative systems — and why the most interesting ideas often emerge when technology is used in unintended ways.
How To Minimize Bugs in Cryptography Code (en)

Jade

"Don't roll your own crypto" is an often-repeated aphorism. It's good advice -- but then how does any cryptography get made? Writers of cryptography code like myself write code with bugs just like anyone else, so how do we take precautions against our own mistakes? In this talk, I will give a peek into the cryptographer's toolbox of advanced techniques to avoid bugs: targeted testing, model checking, mathematical proof assistants, information-flow analysis, and more. None of these techniques is a magic silver bullet, but they can help find flaws in reasoning about tricky corner cases in low-level code or prove that higher-level designs are sound, given a defined set of assumptions. We'll go over some examples and try to give a high-level feel for different workflows that create "high-assurance" code. Whether you know it or not, you use this type of cryptography code every day: in your browser, your messaging apps, and your favorite programming language standard libraries.
When Vibe Scammers Met Vibe Hackers: Pwning PhaaS with Their Own Weapons (en)

Chiao-Lin Yu (Steven Meow)

What happens when AI-powered criminals meet AI-powered hunters? A technical arms race where both sides are vibing their way through exploitation—and the backdoors write themselves. In October 2025, we investigated Taiwan's fake delivery scam ecosystem targeting convenience store customers. What started as social engineering on social media became a deep dive into two distinct fraud platforms—both bearing the unmistakable fingerprints of AI-generated code. Their developers left more than just bugs: authentication flaws, file management oversights, and database implementations that screamed "I asked LLM and deployed without reading." We turned their sloppiness into weaponized OSINT. Through strategic reconnaissance, careful database analysis, and meticulous operational security, we achieved complete system access on multiple fraud infrastructures. By analyzing server artifacts and certificate patterns, we mapped 100+ active domains and extracted evidence linking thousands of victim transactions worth millions of euros in fraud. But here's the twist: we used the same AI tools they did, just with better prompts. The takeaway isn't just about hunting scammers—it's about the collapse of the skill gap in both offense and defense. When vibe coding meets vibe hacking, the underground economy democratizes in ways we never anticipated. We'll share our methodology for fingerprinting AI-assisted crime infrastructure, discuss the ethical boundaries of counter-operations, and demonstrate how to build sustainable threat intelligence pipelines when your adversary can redeploy in 5 minutes. This talk proves that in 2025, the real exploit isn't zero-day—it's zero-understanding.
The Small Packet of Bits That Can Save (or Destabilize) a City (en)

Manuel Rábade

The Emergency Alert System (EAS) and its SAME (Specific Area Message Encoding) protocol are public alerting technologies that broadcast short digital bursts over VHF triggering emergency messages on millions of receivers across North America. In Mexico, this technology was integrated into the Seismic Alert System (SASMEX) which more than 30 million people in the central part of the country rely on to prepare for frequent earthquakes. While new alerting technologies have emerged, the EAS-SAME network continues to play an important role for public safety in the U.S., Mexico, and Canada. Yet, the same small packets of bits that can help protect a city could also, in the wrong hands, destabilize it. This talk examines how these systems operate and reveals a troubling truth: spoofing these alerts is far easier than most people expect.
Lightning Talks - Tag 3 (de)

Bonnie, keldo, Andi Bräu

Lightning Talks - Tag 3
Watch Your Kids: Inside a Children's Smartwatch (en)

Nils Rollshausen

Join us as we hack at a popular children's smartwatch and expose the secrets of every fifth child in Norway, their parents, and millions more.
Making the Magic Leap past NVIDIA's secure bootchain and breaking some Tesla Autopilots along the way (en)

Elise Amber Katze

The Tegra X2 is an SoC used in devices such as the Magic Leap One, and Tesla's Autopilot 2 & 2.5 promising a secure bootchain. But how secure really is the secure boot? In this talk I go over how I went from a secured Magic Leap One headset, to exploiting the bootloader over USB, to doing fault injection to dump the BootROM, to finding and exploiting an unpatchable vulnerability in the BootROM's USB recovery mode affecting all Tegra X2s.
APT Down and the mystery of the burning data centers (en)

Christopher Kunz, Sylvester

In August 2025 Phrack published the dump of an APT member's workstation. It was full of exploits and loot from government networks, cell carriers and telcos. The dump sparked a government investigation, and corpos like LG and Korea Telecom were asked to explain themselves. Hours before an onsite audit, the data center mysteriously caught fire, destroying almost a hundred servers. Then another data center burned - and unfortunately, there was even one death. The talk aims to revisit this mysterious sequence of tragic incidents. [TW: Suicide, self-harm]
Transkultureller Hack auf die klassische Musikszene – Vortrag und Konzert (de)

Johanna-Leonore Dahlhoff, Peter Klohmann, Alireza Meghrazi Solouklou, Mirweis Neda, Maria Carolina Pardo Reyes, Eduardo Sabella, Sarah Luisa Wurmer, Berivan Canbolat

Das Bridges Kammerorchester hackt die klassische Musikszene, indem es die Regeln des traditionellen Konzertbetriebs aufbricht: Musiker*innen mit und ohne Flucht- und Migrationsbiografie bringen Instrumente wie Oud, Tar, Kamanche oder Daf in die europäische Orchestertradition. Statt überwiegend Werke verstorbener männlicher, europäischer Komponisten zu spielen, komponieren die Mitglieder ihre Musik selbst – ein radikaler Perspektivwechsel hin zu Vielfalt und Selbstbestimmung. Im Vortrag zeigen sie anhand von Hörbeispielen und persönlichen Geschichten, wie diese Hacks entstehen und machen im Anschluss in einem Konzert die musikalische Vielfalt live erlebbar.
Race conditions, transactions and free parking (en)

Benjamin W. Broersma

ORM's and/or developers don't understand databases, transactions, or concurrency.
Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities (en)

Thijs Raymakers

Transient execution CPU vulnerabilities, like Spectre, have been making headlines since 2018. However, their most common critique is that these types of vulnerabilities are not really practical. Even though it is cool to leak `/etc/shadow` with a CPU bug, it has limited real-world impact. In this talk, we take Spectre out for a walk and let it see the clouds, by leaking memory across virtual machine boundaries at a public cloud provider, bypassing mitigations against these types of attacks. Our report was awarded with a $151,515 bug bounty, Google Cloud's highest bounty yet.
I Hated All The Cross-Stitch Software So I Made My Own: My Deranged Outsider Software Suite For Making Deranged Outsider Art (en)

yomimono

I wanted to design beautiful header diagrams and ASCII tables suitable for stitching on throw pillows, but found existing tools for cross-stitch design to be all wrong. I made my own set of command-line tools for building this chunky, pixelated visual art. If you've never seen a cross-stitch sampler that had bitrot, this talk will fix it.
“End Of 10”: How the FOSS Community is Combatting Software-Driven Resource and Energy Consumption (en)

Joseph P. De Veaugh-Geiss, Carolina Silva Rode, Bettina Louis

The end of free support for Windows 10 was 14 October 2025. Well, sort of. Microsoft moved the date to 2026, one more year the FOSS community can introduce users to sustainable software. 14 October is also KDE's birthday, International E-Waste Day, with International Repair Day following on 18 October. The irony is deep, but what is not ironic is that millions of functioning computers will end up becoming security risks or discarded as e-waste. This means manufacturing and transporting new ones, the biggest waste of all: hardware production accounts for over 75% of a device's CO2 emissions over its lifespan. The FOSS community had an opportunity and we took it! In 2024, KDE Eco's Opt Green project began a global, unified campaign across FOSS and repair communities to upgrade unsupported Windows 10 computers to Linux. We held BoFs at SFSCon, CCC, and FOSDEM. We thought big and acted boldly. In this talk End Of 10 contributors will discuss the campaign, what has worked and what the challenges have been, and how FOSS provides a solution to software-driven resource and energy consumption.
Infrastructure Review (en)

nicoduck

Infrastructure teams present what they did for this years congress and why they did it that way.

Fuse
Who cares about the Baltic Jammer? – Terrestrial Navigation in the Baltic Sea Region (en)

Lars, Niklas Hehenkamp, Markus

Reports of GNSS interference in the Baltic Sea have become almost routine — airplanes losing GPS, ships drifting off course, and timing systems failing. But what happens when a group of engineers decides to build a navigation system that simply *doesn’t care* about the jammer? Since 2017, we’ve been developing **R-Mode**, a terrestrial navigation system that uses existing radio beacons and maritime infrastructure to provide independent positioning — no satellites needed. In this talk, we’ll share our journey from an obscure research project that “nobody needs” to a system now seen as crucial for resilience and sovereignty. Expect technical insights, field stories from ships in the Baltic, and reflections on what it means when a civilian backup system suddenly attracts military interest.
Chaos all year round (de)

Deanna

Neben dem Congress gibt es noch viele andere Chaos-Events, die über das ganze Jahr verteilt stattfinden. Das Easterhegg, die GPN und die MRMCD kennen vermutlich die meisten Chaos-Wesen. Aber was ist eigentlich mit den ganzen kleineren Veranstaltungen?
Escaping Containment: A Security Analysis of FreeBSD Jails (en)

ilja, Michael Smith

FreeBSD’s jail mechanism promises strong isolation—but how strong is it really? In this talk, we explore what it takes to escape a compromised FreeBSD jail by auditing the kernel’s attack surface, identifying dozens of vulnerabilities across exposed subsystems, and developing practical proof-of-concept exploits. We’ll share our findings, demo some real escapes, and discuss what they reveal about the challenges of maintaining robust OS isolation.
Not To Be Trusted - A Fiasco in Android TEEs (en)

0ddc0de, gannimo, Philipp

Trusted Execution Environments (TEEs) based on ARM TrustZone form the backbone of modern Android devices' security architecture. The word "Trusted" in this context means that **you**, as in "the owner of the device", don't get to execute code in this execution environment. Even when you unlock the bootloader and Magisk-root your device, only vendor-signed code will be accepted by the TEE. This unfortunate setup limits third-party security research to the observation of input/output behavior and static manual reverse engineering of TEE components. In this talk, we take you with us on our journey to regain power over the highest privilege level on Xiaomi devices. Specifically, we are targeting the Xiaomi Redmi 11s and will walk through the steps necessary to escalate our privileges from a rooted user space (N-EL0) to the highest privilege level in the Secure World (S-EL3). We will revisit old friends like Trusted Application rollback attacks and GlobalPlatform's design flaw, and introduce novel findings like the literal fiasco you can achieve when you're introducing micro kernels without knowing what you're doing. In detail, we will elaborate on the precise exploitation steps taken and mitigations overcome at each stage of our exploit chain, and finally demo our exploits on stage. Regaining full control over our devices is the first step to deeply understand popular TEE-protected use cases including, but not limited to, mobile payment, mobile DRM solutions, and the mechanisms protecting your biometric authentication data.
DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices (en)

Zhongrui Li, Yizhe Zhuang, Kira Chen

The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a victim's phone number, an attacker could launch a remote, zero-interaction attack against the WhatsApp application on Apple devices, including iPhones, iPads, and Macs. Subsequent reports indicated that WhatsApp on Samsung devices was also targeted by similar exploits. In this presentation, we will share our in-depth analysis of this attack, deconstructing the 0-click exploit chain built upon two core vulnerabilities: CVE-2025-55177 and CVE-2025-43300. We will demonstrate how attackers chained these vulnerabilities to remotely compromise WhatsApp and the underlying iOS system without any user interaction or awareness. Following our analysis, we successfully reproduced the exploit chain and constructed an effective PoC capable of simultaneously crashing the target application on iPhones, iPads, and Macs. Finally, we will present our analysis of related vulnerabilities affecting Samsung devices (such as CVE-2025-21043) and share how this investigation led us to discover additional, previously unknown 0-day vulnerabilities.
Coding Dissent: Art, Technology, and Tactical Media (en)

Helena Nikonole

This presentation examines artistic practices that engage with sociotechnical systems through tactical interventions. The talk proposes art as a form of infrastructural critique and counter-technology. It also introduces a forthcoming HackLab designed to foster collaborative development of open-source tools addressing digital authoritarianism, surveillance capitalism, propaganda infrastructures, and ideological warfare.
Neue Chaos Events - InselChaos und Håck ma’s Castle plaudern aus dem Nähkästchen (de)

Erwin Ernst "eest9" Steinhammer, lasii, Daniel, Niklas

Auf der Insel Rügen und in Österreich tut sich was - und zwar neue Chaos Events. Wir möchten über Anforderungen, Herausforderungen, Hürden, Erfahrungen und Glücksmomente aus unserer Sicht der Orga erzählen. Das InselChaos fand im LaGrange e.V. im September 2025 statt und bildet den Auftakt für weitere kreative, informative und chaotische Events auf der Insel Rügen. Das Håck ma’s Castle wird mit etwas Humor auch über Herausforderungen sprechen, welche unter anderem durch dezentrale Teams aus diversen Hackspaces entstehen.
Power Cycle B7 oder Warum kauft man eine Zeche? (de)

Kohlenpod, kater, Stephan

Aus einem Barwitz wurde ein Projekt! Blumenthal7 ist die letzte vollständig erhaltene Schachtanlage des ehemaligen Steinkohlebergwerks General Blumenthal in Recklinghausen im nördlichen Ruhrgebiet. Nach diversen Startschwierigkeiten ist aus einer im Dornröschenschlaf liegenden Industriebrache ein Projekt geworden, das bereits jetzt einer Vielzahl von Entitäten und Gruppen eine Heimat und einen großen, nahezu grenzenlosen Spielplatz bietet. Begleitet uns gerne beim Power Cycle B7…!
A Quick Stop at the HostileShop (en)

Mike Perry

HostileShop is a python-based tool for generating prompt injections and jailbreaks against LLM agents. I created HostileShop to see if I could use LLMs to write a framework that generates prompt injections against LLMs, by having LLMs attack other LLMs. It's LLMs all the way down. HostileShop generated prompt injections for a winning submission in OpenAI's GPT-OSS-20B RedTeam Contest. Since then, I have expanded HostileShop to generate injections for the entire LLM frontier, as well as to mutate jailbreaks to bypass prompt filters, adapt to LLM updates, and to give advice on performing injections against other agent systems. In this talk, I will give you an overview of LLM Agent hacking. I will cover LLM context window formats, LLM agents, agent vulnerability surface, and the prompting and efficiency insights that led to the success of HostileShop.
How to render cloud FPGAs useless (en)

Dirk

While FPGA developers usually try to minimize the power consumption of their designs, we approached the problem from the opposite perspective: what is the maximum power consumption that can be achieved or wasted on an FPGA? Short answer: we found that it’s easy to implement oscillators running at 6 GHz that can theoretically dissipate around 20 kW on a large cloud FPGA when driving the signal to all the available resources. It is interesting to note that this power density is not very far away from that of the surface of the sun. However, such power load jump is usually not a problem as it will trigger some protection circuitry. This led us to the next question: would a localized hotspot with such power density damage the chip if we remain within the typical power envelope of a cloud FPGA (~100 W)? While we could not “fry” the chip or induce permanent errors (and we tried several variants), we did observe that a few routing wires aged to become up to 70% slower in just a few days of stressing the chip. This basically means that such an FPGA cannot be rented out to cloud users without risking timing violations. In this talk, we will present how we optimized power wasting, how we measured wire latencies with ps accuracy, how we attacked 100 FPGA cloud instances and how we can protect FPGAs against such DOS attacks.
Machine Vision – Vom Algorithmus zum Baumpilz im digitalen Metabolismus (de)

Thomas Knüsel

Milliarden von Kameras produzieren täglich Bilder, die zunehmend von Maschinen analysiert werden. In dieser Lecture Performance beleuchten wir die Entwicklung des maschinellen Sehens – von den frühen algorithmischen Ansätzen bis zu den heutigen Anwendungen – und schauen, wie verschiedene Künstler:innen diese Technologien nutzen und reflektieren. Anhand der beiden Arbeiten „Throwback Environment” und „Fomes Fomentarius Digitalis” betrachten wir die Nutzung des maschinellen Sehens in einem künstlerischen Feedback-Loop. Die Arbeiten machen sichtbar, was die eingesetzten Algorithmen sehen und in welchen Mustern sie operieren.
The Museum of Care: Open-Source Survival Kit Collection (en)

Nika Dubrovsky

The talk is about the ideas behind setting up the David Graeber Institute and the Museum of Care. The Survival Kit Collection brings together collectives developing open source "social technologies" —spirulina farms, self-replicating 3D printers, modular housing, low-cost water systems, and ... art and education. In 2019, together with David Graeber, we held the first workshop about the Museum of Care at CCC to reimagine the relation between freedom, technology and value. Over these 6 years, the Museum of Care and the David Graeber Institute have experimented with various projects: the survival collection, Visual Assembly, and creating an open space for horizontal knowledge production—something we hope to develop into an actual University.
Learning from South Korean Telco Breaches (en)

Shinjo "peremen" Park, Yonghyu "perillamint" Ban

2025 was a bad year for South Korean mobile network operators. All three operators (SK Telecom, KT, LG U+) were affected by breach in some part of their respective network: HSS of SK Telecom, femtocells of KT. Meanwhile, handling of the breach by each operators and post-mortem analysis of each breaches have stark differences. The technical details and implemented mitigations are often buried under the vague terms, and occasionally got lost in translation to English. In this talk, I will cover the technical aspects of SK Telecom and KT's breach, and how the operators are coping to the breach and what kind of measurements have been performed to secure their network.
Netzpolitik in der Schweiz: Zwischen Bodensee und Matterhorn (de)

Kire, Rahel

Auch in der Schweizer Netzpolitik ging es im auslaufenden Jahr drunter und drüber. Wir blicken mit gewohntem Schalk auf das netzpolitische Jahr 2025 zwischen Bodensee und Matterhorn zurück - und diskutieren jene Themen, die relevant waren und relevant bleiben.
The Angry Path to Zen: AMD Zen Microcode Tools and Insights (en)

Benjamin Kollenda

EntrySign opened the door to custom microcode on AMD Zen CPUs earlier this year. Using a weakness in the signature verification we can load custom microcode updates and modify behavior of stock AMD Zen 1-5 CPUs. While AMD has released patches to address this weakness on some CPUs, we can still use unpatched systems for our analysis. In this talk we cover what we found out about microcode, what we saw in the microcode ROM, the tooling we build, how we worked to find out more and how you can write & test your own microcode on your own AMD Zen systems. We have our tools up on https://github.com/AngryUEFI for everyone to play around with and hopefully help us understand microcode more than we currently do.
Hegemony Eroding: Excavating Diversity in Latent Space (en)

Karim Hamdi

Hegemony Eroding is an ongoing art project exploring how generative AI reflects and distorts cultural representation. Its name speaks to its core ambition: to bear witness to the slow erosion of Western cultural hegemony by exposing the cracks in which other cultures shine through. This talk will discuss the blurry boundary between legitimate cultural representation and prejudice in AI-generated media and how generative AI can be used as a tool to explore humanity's digital foot print. It is permeated by a critique of purely profit-driven AI development and it's tendency to blunt artistic exploration and expression.
The Spectrum - Hackspace Beyond Hacking (en)

sjaelv, MultisampledNight

The Spectrum is a newly founded queer-feminist, intersectional hackspace centering FLINTA+, disabled, and marginalized beings. We see hacking as playful exploration—of technology, art, and ideas—to reimagine what inclusion and collaboration can be. At 39C3, we share how awareness, accessibility, and transdisciplinary creation can transform community and hack the norm.
Von Fuzzern zu Agenten: Entwicklung eines Cyber Reasoning Systems für die AIxCC (de)

Mischa Meier (mmisc), Annika Kuntze

Die AI Cyber Challenge (AIxCC) der DARPA hatte zum Ziel, die Grenzen der autonomen Cybersicherheit zu erweitern: Können AI-Systeme Software-Schwachstellen unabhängig, in Echtzeit und ohne menschliche Hilfe identifizieren, verifizieren und beheben? Im Laufe von zwei Jahren entwickelten Teams aus aller Welt „Cyber Reasoning Systems“ (CRS), die in der Lage sind, komplexe Open-Source-Software zu analysieren, Code zu analysieren, reproducer zu generieren, um zu zeigen, dass ein gemeldeter Fehler kein Fehlalarm ist, und schließlich Patches zu synthetisieren. Unser Team nahm an dieser Challenge teil und entwickelte von Grund auf ein eigenes CRS. In diesem Vortrag geben wir Einblicke in den Wettbewerb: Wie funktioniert die LLM-gesteuerte Schwachstellenerkennung tatsächlich, welche Designentscheidungen sind wichtig und wie sind die Finalisten-Teams an das Problem herangegangen?
What You Hack Is What You Mean: 35 Years of Wiring Sense into Text (en)

Torsten Roeder

Encoding isn’t just for machines — it’s how humans shape meaning. This talk traces 35 years of hacking text through the Text Encoding Initiative (TEI), a community-driven, open-source standard for describing the deep structure of texts. We’ll explore how TEI turns literature, research, and even hacker lore into machine-readable, remixable data — and how it enables minimal, sustainable self-publishing without gatekeepers. From alphabets to XML and the Hacker Bible, we’ll look at text as a living system: something we can read, write, and hack together.

Am Spätverkauf
No-Input (de)

CooperfrauMelissengeist

Ein geschlossener Kreislauf aus Klang und Störung. Kein Instrument, kein Ursprung, nur das Rauschen, das sich selbst gebiert. Frequenzen kratzen an der Grenze zum Bewusstsein, Feedback wird zum Atem einer Maschine ohne Körper. Aus dem Dunkel des Signals erhebt sich ein sirrendes Mantra — chaotisch, unheilig, autark. Eine Beschwörung der Leere durch elektrische Selbstzerstörung.
Tippeln am Rande des Abgrunds (de)

tippel radio

Das "tipple radio" ist eine Collage von Singer-Songwriter-Konzert und szenischer Lesung. Es trägt gecoverte und selbstgeschriebene Songs und Medleys von Punk über Hamburger Schule bis Schlager mit Gitarre und Gesang vor und verknüpft die Inhalte der Songs miteinander. Es entsteht ein Geflecht von Musik und Text, dass Aufbrüche in Abgründen aufzeigt und Hoffnung macht sich gegen die Faschisierung in der Gesellschaft zusammen zu schließen.
Störmoment (en)

Vale

All styles Punk from hc, grunge and garage to indie, pop and post, female fronted only.
Mittagspausenpunk live (de)

Einschiss

Einschiss ist DER Ausnahmekünstler zwischen den Stationen Paracelsus Bad und Rathaus Reinickendorf der U8. Gefangen im Körper eines Mannes mit Charaktermodell German_default_3_bearded.obj macht Einschiss Musik gegen die Dinge die nerven: Nazis, Arbeit und Consent Forms (und Arbeit). Dabei setzt er modernste Technologien ein, um einen Typen so klingen zu lassen, als wäre es ein Typ mit Backing Track. Für mehr Musiker:innen hat das Bier nicht gereicht. Sorry.
Gepflegtes Grölen am Späti: Antifa-Jodler, Punkrock und Umverteilungs-Hits (de)

elenos

Das Konzept ist simpel: Wir singen zusammen. Im Angebot haben wir vier Kategorien: Politische Classics, Punkrock-Hymnen, Antifaschistische Jodler und Umverteilungs-Hits des Quartiersmanagements Grunewald in der ansprechenden Karaoke-Variante. Man muss nichts können. Mit charmanter Anleitung manövrieren wir uns zusammen durch kollektive Dissonanzen!
A blast from the Y2K past… GRÜNSPAN (Rock & Metal) (en)

Alex Thurow

A time travel DJ set back to the times of the millennium change… … to the times of the prevented [Y2K apocalypse](https://en.wikipedia.org/wiki/Year_2000_problem) … to the times of the [Dot-com bubble](https://en.wikipedia.org/wiki/Dot-com_bubble) (… it’s about time AI, isn’t it?) … to the times of a [VERY problematic seed being planted](https://en.wikipedia.org/wiki/2000_Russian_presidential_election) … but most importantly to the times of the glorious: [| G.--. || R.--. || Ü.--. || N.--. || S.--. || P.--. || A.--. || N.--. |](https://www.gruenspan.de/) Back when ROCK was alive and kickin’ in „Hamburg meine Perle“! So, if you want to get a LOUD blast from the past - come join us and bring your [Pommesgabel](https://de.wikipedia.org/wiki/Mano_cornuta) with you! Live long and prosper, [DJ Alex](https://mstdn.social/@alexthurow/110279531725018974) (AKA: [https://onmoderndev.de](https://onmoderndev.de))
Punkrock-Songtext-Lesung (de)

tomate, anna

Kultivierte Personen rezitieren Punkrock-Songtexte mit der ganzen Ernsthaftigkeit und dem dramatischen Pathos, wie sonst nur von Goethe-Abenden im Literaturhaus bekannt. Anarchie meets Bildungsbürgertum. Chaos meets Chaiselongue.
4ever punk (en)

DJ Baba Grande

one hour of punk music, encompassing many different styles
Antifaschistischer Akkordeon-Punk - Grölen gegen Rechts (de)

Pianostein

Klassiker des antifaschistischen Deutschpunk-Liedguts – von Die Ärzte über Die Toten Hosen bis WIZO und Terrorgruppe – neu interpretiert auf dem Akkordeon. Laut, links und garantiert mitgröltauglich.
Von Berlin ins Exil - Lieder der 20er und 30er Jahre (de)

Kurt Tucholsky, Bertolt Brecht, Friedrich Hollaender, Claire Waldoff: Sie alle waren feste Größen des Berliner Kulturlebens. Es war wild, es war queer, es war jüdisch. Dann kamen die Nationalsozialisten an die Macht. Wer anders dachte – und sang! – wurde systematisch aus dem Land getrieben. Wer konnte, flüchtete ins ungewisse Exil.
Der Untergang* (de)

Der Untergang*

Späti Punk Karaoke Special mit Der Untergang* Wir sind der Untergang*. Wir sind Julia Wilton (Das Bierbeben, Pop Tarts) und Thies Mynther (Das Bierbeben, Superpunk, Phantom Ghost, Chaos Communication Choir). Wir werden ein kleines Konzert spielen, tragen aber auch gern etwas zum sehr guten Punk Karaoke bei. Zum Mitsingen und Mikrophonhijacking wird unbedingt eingeladen. Eventuell schaut auch der Chaos Communication Choir dabei.
inPunkto (de)

Takakalle

Schrammelpunk aus Hamburg
Steuerkarten für Freunde (post-punk, experimental, spoken word) (en)

Steuerkarten für Freunde

Minimal bis Post-Punk Cringe aus dem Bedroom. Endlich mal wieder aus sich heraus- und einander näher kommen. Für die Friends von den Friends mit guten Texten, meistens Punk, manchmal sanft, aber Hauptsache Spaß.

Chaos Computer Music Club
Katja Ruge (en)

Katja Ruge

„Planetary Visions“ with Katja Ruge (Can Love Be Synth/Synthesizerstudio HH, Electric Lights/Planetarium HH) Katja Ruge’s DJ sets are a seamless fusion of Italo, New Wave, Cosmic Sounds, 80s, Dark Disco, and Electro.
Analog to Algorithm: RSS Disco’s Underground Journey (en)

RSS Disco

From crackling Kraut and Disco records to hyper produced Techno tracks - dance music has come a long way in the last six decades, and was always strongly influenced by evolving technology. Dance music’s history is a feedback system between culture and circuitry. Each new invention—from the disco subwoofer to today’s neural-driven mastering tools—reshapes sound itself. RSS Disco’s timeline approach celebrates this continuum: a story of machines learning to groove, and humans learning to listen differently through them.
Steve Simon (de)

Steve

Als Part der ToxicFamily, die seit mittlerweile 25 Jahren Label, elektronisches Magazin, Veranstalter und einfach eine Institution in Frankfurt ist, fördert Steve, der übrigens einer der dienstältesten Residents des Tanzhaus West in Frankfurt ist, aktiv die Frankfurter Underground Clubszene und vor allem den Nachwuchs. Ob es ein Gig bei der Toxic Family Radio Show im lokalen FM Radio ist, ein CDJ Lehrgang oder einfach nur aufmunterte Worte während eines Sets - viele Frankfurter DJs haben eine Geschichte über Steve zu erzählen. Wenn Steve House Musik spielt, sieht man oft DJ Kollegen mit gespitzen Ohren an der Bar stehen - oder auch mal mitten auf der Tanzfläche - weil das Barpersonal selbst auf der Theke tanzt.
GAYLIENZ (en)

Oliotronix

Gaylienz is the new project of 3 gayliens coming from various universes. They got united to bring us an audio-visual glitch rave experience where we surf with an alien cats thru chaos and love cosmos. The audience is invited to participate too and of course to dance. Expect acid basslines, circuit bent, gayboy noise, beat constructions and analog glitch and videogame visuals - by Yelo555, Oliotronix and Maria Mam. https://www.instagram.com/gali3nz/ https://www.instagram.com/yelough.strobez/
Angie Taylor (en)

Angie Taylor

Angie Taylor is specialized in Hybrid Techno LIVE-DJ SETS, often blending it with live bass guitar and vocals to create a unique, electrifying hybrid Techno experience.
YMNA (en)

Nina_art&play

Heute Nacht wird der Dancefloor zur globalen Schnittstelle. YMNA kalibriert mit ihrem Mix aus global inspirierten Soundscapes und moderner Club-Musik unsere Sinne neu. Es ist die perfekte Balance zwischen dem Rohen, Ursprünglichen und der polierten Kraft des heutigen melodischen Techno.
Sportbrigade Sparwasser (de)

Hüp Now

We are well aware of the fact, that as DJs we play other peoples´(as well as our own) music. This means we want to ensure the musicians get the credit and respect they deserve for their work. Whenever reasonably possible (communication get quite intense for us at times) we´ll be happy to supply track IDs, although sometimes it may take a little while. Also we´re happy about reposts if you like what we´re doing.
The 39c3 Drag Show (en)

Keks

Finally a drag show at the chaos! Blinking lights, colorful outfits, and queers everywhere already seems normal at the congress. So how can it be, that all of this did not come together as drag on stage?! It is time for a really awesome, great drag show at the 39c3! And to show right away how divers drag is, a wonderful cast of drag artists of various genders and expressions can spread their queer joy and art for the audience. The show is hosted by Milky Gay, the nerdiest drag king from NRW, who does not only want to throw glitter at the congress incognito this year. And he is bringing an amazing cast with him Bingus Bongus (Drag Queen, Hamburg) Neuro Spicy (Drag King, NRW) Missass Nostalgia (Drag Queen, NRW) and Kaín Mensch (Drag Thing, Hamburg) will bring their queer art to finally merge chaos and drag! Everyone is welcome, we are trying to have as little barriers as possible to come and watch. No blinking lights during the show (no guarantee for the path there and acts before and after), Music Club accessible with mobility aids and wheel chairs (ask assigned angles). Mostly standing room, few seats at the side might not allow for a good view of the show. Content notes for certain parts of the show include death, cancer, violence, fake weapons, and sexual violence, and will be announced in time so people can leave and come back afterwards. Cheering is encouraged, so it might get loud. (more details tba). Please be nice to each other and especially help short people as well as queers to find a spot where they can see enough. Also, as drag is expensive, there will be a tipping round in the end - please bring some cash if you consider tipping the artists, but of course you are also welcome either way.
Hitstorm aka The Jakob Sister b2b RaverPik (en)

RaverPik

This DJ Team the combines all the Sachsentrance craziness :D since both DJs run the Sachsentrance Label and organize their famous events, widely known for their ecstatic vibes. It's pure Joy!
Kenji Tanaka Live (en)

Kenji Tanak

In my improvised live set, my random generators and I bounce ideas off each other. This approach allows previously created loops to flow into endless new combinations.
Tatendrang.wav (de)

Adnan

Seine Sets sind geprägt von düsteren, treibenden Beats und hypnotischen Grooves, die sich perfekt für Underground-Partys und nächtliche Dancefloors eignen. Tatendrang ist kein Mainstream-DJ, sondern ein klarer Szene-DJ, der sich auf spezielle, energiegeladene Sounds konzentriert und damit eine loyale Fangemeinde anspricht. Mit viel Gespür für Atmosphäre und Spannungsaufbau nimmt er sein Publikum mit auf eine intensive musikalische Reise.
MASCHA (de)

Mascha

DJ and music producer >>currently hosting MUSTER show every month at @thfradio
Ninsn (de)

Nina

Soundcloud: https://soundcloud.com/ninsnberlin
Denise Frey Electro-Acoustic Ambient Music (de)

Denise Frey

Denise Frey macht elektroakustische Ambient-Musik – ruhig, vielschichtig, atmosphärisch. Mit Saxophon, MPC, Effektgeräten und einem feinen Gespür für Klang formt sie in ihren Konzerten Klanglandschaften, die einladen zum Loslassen, Lauschen, Entspannen. Ihre Musik entsteht live – improvisiert, organisch, unmittelbar.
Tinabel vs Nintendo DS - Chiptune punk and new-wave from Tina Belmont, using Rhythm Core Alpha 2 on Nintendo DSi and 3DS (en)

Tinabel

Tinabel (Tina Belmont) plays a set of her punky electronic rock songs using "Rhythm Core Alpha 2", software which she created herself, on the Nintendo DSi & 3DS game consoles. See http://www.tinabelmont.com and http://www.whitecollarpunk.com to hear the music, or http://rhythmcorealpha.com to learn about the software!
Wante (DJ Set) (de)

Wante

Wante (Cologne) is drawn to dark, tunnely sets. With a soft spot for long, atmospheric, break-driven intros, her carefully curated selections evolve into relentless, hypnotic techno with ambient soundscapes.
Rob StrobE (de)

Rob StrobE

THE SECOND DECADE Born `78 in Germany Rob StrobE grew up and being influenced with classical music, swing and jazz in his childhood. He early discovered the likes of Depeche Mode, Michael Jackson, Kraftwerk and more early electronic music approaches. In his late youth/early adult life he frequently travelled to Frankfurt attending nights at the Omen. Those nights and weekends were filled with DJs like Sven Vaeth, Dj Rush, Chris Liebing, G-Man aka Gez Varley, Hardfloor and so many more, celebrating and transporting the spirit of those days! After the closing of the Omen in late 1998 he went on to clubs like u60311, Tanzhaus West, MTW and others and eventually started his career as professional (sound) technician and light jockey. Around the year 2002 he started music production - mostly for personal fun and recreational purposes - but some records and remixes have been released since then...some of this older work can still be found on his Soundcloud! Since then he developed his own company specialized on music studio technology, room acoustic, signal flow schemes and studio furniture. Meanwhile his own studio transformed from a small Home Studio to a „room-in-room“ environment in the Logic Haus - the former home of Harthouse, Eye-Q and Snap! If he had to describe his musical style and give it a name: it would be „DubHouseTechno with a pinch of Detroit" ;) FastFoward: Year 2021 - after a 7 year break of releasing music, Rob StrobE is back with releases on imprints like Lucidflow, ASrecords, Tantara, Motech and numerous others! Rob used the time to do a major swap from software based production over to the modular and hardware world and the output speaks for itself! Enjoy his music and come pass for a visit on his social media outlets and say „hello“! THANKS FOR YOUR SUPPORT!!! COLLABORATIONS with G-Man aka Gez Varley (Swim/Quo Vadis/UK) Bo_Irion (Conaisseur/FFM) APro (Audio Emissions/FFM) Voodoe (Audio Emissions/FFM) Frank Kusserow (Data Punk/WhiteNoise/FFM) Israel Toledo (ASRecords/Mexico)
Jan Dalvik (en)

Jan Dalvik

Techno. Live. Modular.
Project Poltergeist (en)

Alexeyan

Project Poltergeist Live [Hard Techno, Psytrance, Hard Dance]
Gwen Wayne (de)

Unnamed user

Ey chill mal!!Nix da!!! Denn manche mögen's heiß, und manche mögen's nice.......und Shitstormtechno verliert NIE seine hotte credibility! Lass dich überraschen! N´abend
Flux Variations (en)

madonius

An invitation to discover classical music patterns and new music by listening carefully and letting go.
10 Mark DJ Team (de)

10 Mark DJ Team

SLOWMOTIONDISCOEXPLOSION https://soundcloud.com/10-mark-dj-team
ARKIFEL + nanoloop (en)

ARKIFEL

Dance to an internet tanuki playing live upbeat techno on a Gameboy Advance using nanoloop two, a software sequencer cartridge. Everything you hear is coming from one GBA!
Yazz Ewok DJ Set (de)

Yazz Ewok

Yazz Ewoks Mischung aus Melodic Techno, Indie Dance und kraftvollem Techno erschafft eine mitreißend wummernde Klanglandschaft. Mit ihrem Sound hat sie bereits auf der Fusion, dem Dockville, dem Habitat und dem 3000 Grad gespielt. Auch in Clubs wie dem Südpol nimmt sie ihr Publikum mit auf eine musikalische Bass-Reise.
Gregor Tresher (de)

Gregor Tresher

In the trend-driven universe of electronic dance music, Gregor Tresher is the rare artist who transcends such cycles. His secret? A relentless focus on melody and timbre, timeless musical elements that other producers often undervalue. Just as a painting or a photograph appears to move if one stares at it long enough, close listening to the stratified grooves and melodies in Tresher's music reveals an organic universe of shifting sound.
Finona Rider (de)

Finona Rider

Renowned for vibrant sets and relentless crate-digging, she carries the spirits of the city’s underground. Where dancefloor rush meets quiet mind, she is pretty much into early-2000s minimal, rare electro, house-infused old-school Goa and well deserved bleeps and bloops.

Chill Floor
Festnacht (de)

Festnacht

Festnacht is a fixture in Hamburg’s music scene. Together with L.F.T., he has steered the Neoprimitive label and event series for nearly a decade, releasing a broad range of mostly experimental electronic music from artists like Rosaceae, Children of Leir, and Alobhe, and inviting names such as Skee Mask, Anthony Rother, Bloody Mary, and Interstellar Funk to the iconic Golden Pudel Club. His DJ sets span the spectrum of Detroit-rooted techno and electro - always unpredictable, shaped by the night’s energy, and known for his skill in slowly and subtly warming up a room.
bushfya (de)

bushfya

For the Love of Music. Nothing else.
Afidissima & Alice (de)

Afidissima & Alice

Afidissima and Alice, two millennial stereotypes sharing music tips as emotional currency. Gabby radio host Afidissima delivers genre-chaotic sets drenched in dubby vibes and oozing with groove. A relentless cratedigger with questionable priorities. Alice unites musical moments and moods that refuse to be united. Seductive, whimsical, followed by familiar paths, so as not to upset the ear and inner balance. Mixed feelings becoming multiple emotions. Everything as usual – just enhanced momentum.
The Uncontrolled Manifold : dancing with sympoetic machines (de)

Christian Faubel

The Uncontrolled Manifold works with electronics and machines that possess autonomy and obstinacy. These machines are brought into interaction with each other, creating danceable polyrhythms and, at the same time, a fascinating shadow play, because the machines are mounted on an overhead projector and their interaction is projected. Analog oscillators generate self-organizing coordination dynamics and organic patterns, while motors strike rubber strings producing deep, resonant bass sounds reminiscent of shamanic drumming. Supported by the visuals spectators may feel like being dragged into the vortex of a living clock, compelled to join the performance through movement and dance.
BarbNerdy (en)

BarbNerdy

Sharing Means Caring: Most of the music of this series was recorded at a Chaos Event in the last 10 (or more) years. It is time for a new episode: https://soundcloud.com/barbnerdy/sets/mixtape-sharing-means-caring-1
Dj Sloush + Zarrt (de)

Dj Sloush aka Spitz + Zarrt

The berlin based artist duo is working under different alias solo, in duos or collectives since 2011. They are sound artists, DJs, part of Cashmere Radio (Berlin), curators, event organizers, performers and multimedia artists. “Dj Sloush aka Spitz + Zarrt aka Fellmaus will make you happy. There’s gonna be these sounds coming from the speakers, new otherworldly ones mixed with seemingly familiar yet undiscovered natural feeling waves of moods, or maybe hot and twirling rapid fire bass jumping trippin balls ones. Either way they’ll provide you with a guaranteed enjoyment of the infinite kind.”
Babooshka (de)

Babooshka

Babooshka is Marian Bodenstein, who played with several punk bands such as LASSIE, LAFFF BOX, NICK NORMAL and DBR at the moment. Under the moniker FUZZZGUN Marian is working as a graphic designer for bands, labels and other "multinational corporations". Normally Babooshka would serve you a high octane dance set rooted in 70s power pop, punk and rocknroll but for the CCCChillfloor you’ll get a certain mixture of their favorite relaxin, beautiful and tearjerking tracks, combined with some broken records to serve as analog loops and audioplay records. Babooshka is happy to play records that are normally reserved for the end of an emotional night of dance and shenanigans or even never would see the lights of the dance floor under „normal“ circumstances.
g00d news (de)

g00d news

g00d news lebt und arbeitet seit 2009 in Hamburg und ist als Vinyl-DJ Teil der lokalen Underground-Szene. Er war langjähriger Resident und Kurator im Golden Pudel Club und ist Mitbetreiber des Plattenladens Remoto-Rec. sowie des Vinyl- und Kassettenlabels V I S mit Fokus auf experimenteller Musik. Seine Sets reichen von Ambient, Experimental und outernationalen Sounds bis hin zu UK-Rave, Darkside Jungle, Hardcore, Breakbeats, Deep Techno und Freetekno. Zudem ist er kuratorisch und organisatorisch im BEEK e.V. aktiv.
Etai Darway (de)

Etai Darway

Dj Set Etai Darway
chaeza + doc (de)

chaeza + doc

Dj Set
Lila-Zoé Krauß (de)

Lila-Zoé Krauß

L Twills aka Lila-Zoé Krauß ist Musikerin, Performerin und Multimedia-Künstlerin. In ihrer Arbeit entwickelt sie eine transdisziplinäre Opernpraxis, um Fragen zur (post-)moderner Subjektivität und ihrer Beziehung zu Medien, Trauma und Erinnerung zu thematisieren. Sie studierte Bildende Kunst an der HFBK Hamburg und dem CalArts Los Angeles sowie Sound Studies an der UdK Berlin. In ihrer Musik kombiniert sie Elemente aus Downtempo, Experimentalmusik, Breakbeat und Oper mit eigens entwickelten Sounddesign-Techniken. Krauß veröffentlichte 2020 und 2024 die Vinylalben [Freedom/Fiction] und [After her Destruction] und performte auf diversen Bühnen, u.a.: Documenta Fifteen (Kassel), Kampnagel (Hamburg), Volkstheater (Wien), Montez-Press Radio (NYC), NAVEL (Los Angeles).
Weebz (en)

Weebz

WEEBZ likes to move between the odds, the rough and the soft: Breakbeat, dissonances, noise and sounds of deep dungeons belong to their mixes as well as the hymns of our hearts Most of the time the genres are mixed to an eclectic collection mirroring own confusions in the spirit of making the unmatching matching xx
Gajek (de)

Unnamed user

Gajek produces and performs electronic music. Since 2014 He released five studio albums on Labels such as STROOM, Infinite Greyscale, Throttle Records and more. Gajek composes music for films and theatre. He has performed at major international venues and festivals such like Berghain, silent green, Printworks London, Traumabar Und Kino, ADE Amsterdam, Melt Festival and many more. Gajek lives and works in Berlin.
Fimi & Nush (de)

Hanni

Fimi&Nush
Felix Kubin (de)

Felix Kubin

Felix Kubin, funkensprühender Spannungs- und Weltenwandler aus Hamburg, Verachter der Nüchternheit, lenkt die musikalische Kompassnagel Richtung Stolperdisko, Art Pop und „gute Nervmusik“. Das Tanzbein zappelt, aber die Beine laufen in verschiedene Richtungen, denn sie haben sich noch nicht synchronisiert. Hier erklingen Songs am Rande des Nervenzusammenbruchs, "Musik für junge Leute" und alle, die nicht sterben wollen. Vor allem haben es ihm die obskuren Musikversuche der Heimstudios vergangener Fostex-Generationen angetan, die Art Brut und ihre Einfärbungen durch billige, leicht zu demolierende Technologien. Felix Kubins musikalische Adoleszenz wurde durch eine Zeit geprägt, in der sich die Szenen der Kunst und Musik stark durchdrangen und Songtitel wie "Die Gesunden kommen", "Adrenalin lässt das Blut kochen" und "Hosen, die nicht aneinander passen" kein Stirnrunzeln verursachten. Eine Zeit also, in der sich die Popmusik weit aus dem Fenster lehnte und die Luft einer fremden, seltsamen Welt atmete.
Lina & Nele & Peng (de)

Lina & Nele & Peng

Nele, Peng and Lina are set to create a mesmerizing experience on the chillfloor 3c39, blending their unique artistic visions into a cohesive musical journey.Lina, with her innate talent and meticulous attention to detail, weaves ethereal melodies, esoteric rhythms, and wavey melancholy into a rich narrative. As an experienced curator of sound and atmosphere, she infuses her sets with her personal journey and history, selecting tracks that evoke deep emotions and resonate with her favorites.Nele and Peng complement Lina's artistry with their exceptional taste and ability to craft transcendental musical experiences. Each of them brings their unique flair, having proven their skills in various venues, including the renowned Kraniche bei den Elbbrücken.Together, this trio invites the audience to immerse themselves in a harmonious blend of sound, encouraging exploration of consciousness and connection with the ineffable beauty of music and place.
VVVVVAI & Steffen Bennemann (de)

VVVVVAI & Steffen Bennemann

VVVVVAI works with themes of duality, reflection, and temporal transitions. Geminiaquarius is an ongoing investigation into how states change, overlap, and coexist. The practice centers on reduction, attention, and slow unfolding. Steffen Bennemann has been active in the world of music for more than two decades. After many years as curator and promoter (Nachtdigital Festival), label owner (Holger Records) and DJ, he now focusses on his own sounds. Playing solo as well as in various collaborations, these sounds can be anything from Deep Sea Ambient to celestial Techno.
Der feine Schliv (de)

Der feine Schliv

Zwischen Rap, Tanz und Poesie, erschließt Der feine Schliv neue Räume. In ihren Performances changiert sie zwischen provokanten Auf-die-Fresse-Ansagen an das Patriarchat und empathischen Erzählungen vom Versuchen und Scheitern. Sie tritt unter anderem mit dem serbischen Nachwuchs Duo “Slezga” sowie mit den Hamburger Gruppen “Fallbeil” und “Yummy Air”auf. An der Diverstität ihrer Begleitungen zeichnet sich ihr musikalisches Universum ab, von balladigen Conscious Raps, Chansons und Witchy Toasting.
Betontes Schonen (de)

Jeanette

Dj Set
Der verlängerte Atem pres. Ghost Processes (de)

Martin, Fiona, Jil

Der verlängerte Atem pres. Ghost Processes Seit 2020 sendet Der verlängerte Atem regelmäßig auf HALLO:Radio und tourt mit Gastauftritten auf Festivals und Veranstaltungen in und um Hamburg. Als offenes Radiolabor zwischen Musik, Redebeiträgen und thematisch passenden Audio-Snippets, verweben die Vinyl-DJs, Künstlerinnen und Radiomacherinnen Fiona Grassl, Jil Lahr und Martin Ramacher analoge Klänge, Stimmen und Gedanken zu thematischen Sendungen. Für den 39C3 fährt Der Verlängerte Atem das System herunter - und wieder hoch. Und findet dazwischen: Prozesse ohne Besitzer, Threads ohne Aufgaben, Routinen, die längst beendet sein sollten und doch weiterlaufen. Geisterprozesse flüstern im Hintergrund, aktualisieren sich selbst, verlieren den Takt oder schlafen zu tief, um je zurückzukehren. Zwischen knisterndem Vinyl, digitalem Summen, Glitches und verspielten Redebeiträgen entstehen live Sound-Landschaften, in denen nichts ganz verschwindet - und alles wiederkehrt. Spooky.
Cloud Management (de)

Cloud Management

Operating in a mode of Kluster via Pole, Dub Syndicate at Conny Plank's, or even fang-baring flashes of The Bug and Bryn Jones or Peak Oil modernism, the trio approach the project from the more oblique angles of respective projects Datashock, Phantom Horse and Love-Songs, to probe a more soft-centred, dematerialised and heady sound, but also reserve the right to go tuffer, more venomous, when they feel it.
kathadingsda (en)

dingsda

kathadingsda vereint treibende Beats und sanfte Grooves mit dubbigen Elementen und experimentellen Klängen. So entstehen warme, organische Soundwelten, die sich stetig verändern und in Bewegung bleiben.
Nixe (de)

Nixe

Dj Set

Vorglühmarkt
stornoline (de)

Sassi

service for dance trips ⏰✨💫⏰✨💫⏰✨💫⏰✨💫 zocke für euch housy rave essentials mit nostalgischen vocals und acid lines & mache sachen bei @diskobabel 💕 und @entropiefestival ⚡️
Aladdin (de)

Hamdi

Hamdi (Berlin) House and minimal techno built for immersion. Extended mixes, controlled pacing, and Fog-filled rooms where the story unfolds gradually.
Loui Beton (en)

Loui Beton

Lets get besinnlich at the 39C3
Zweite Sahne & Olga Rhythmus (en)

Tesa

A DJ duo from Frankfurt playing technoid Dark Disco. Soundcloud: https://on.soundcloud.com/ieVMVNI9qlqR6BNBHh
lisaholic (live beatset) (en)

lisaholic

Lisaholic - breakbeat / bass / vocals liveloopset with a drum computer and a loopstation.
HolleLang (en)

HolleLang

HolleLang has been supplying the dance floor with his ever evolving personal blend of Dub infected Techno, rooted both in House and flashing Rave music alike. A seasoned vinyl dj HolleLang does not overestimate the medium but focuses on the music and atmosphere. No punishing jockey from the dark side, his sets are known to vibrate with well wishing force and sometimes fierce intensity though while keeping a good sexy groove going. Former resident of well received "No f**ing Day Can Destroy My Love" party series, and long running host of Gumbo Frisst Schmidt/Nachtschleifer radio live broadcast on Hamburg‘s decades old independent station FSK, HolleLang unites both ceremonial dj talent and activist attitude to serve the community. He loves music so much, especially house music ❤️ Look at https://soundcloud.com/hollelang.
Ingo Boss (de)

Ingo Boss

Ingo Boss