Enna Gerhard, Frieder Nake
What power structures are inherent to the field of computer-generated art? In the year 1965, so 60 years ago, the first three exhibitions of art created with the help of computers took place - in part independently of each other. We want to present the interesting aspects of developments since then and discuss them with Frieder Nake, one of the people who exhibited in those very beginnings and followed those developments with a critical attitude.
Alon Leviev
This talk reveals our in-depth vulnerability research on the Windows Recovery Environment (WinRE) and its implications for BitLocker, Windows’ cornerstone for data protection. We will walk through the research methodology, uncover new 0-day vulnerabilities, and showcase full-chain exploitations that enabled us to bypass BitLocker and extract all the protected data in several different ways. This talk goes beyond theory - as each vulnerability will be accompanied by a demo video showcasing the complete exploitation chain. To conclude the talk, we will share Microsoft’s key takeaways from this research and outline our approach to hardening WinRE and BitLocker.
0ddc0de, gannimo, Philipp
Trusted Execution Environments (TEEs) based on ARM TrustZone form the backbone of modern Android devices' security architecture. The word "Trusted" in this context means that **you**, as in "the owner of the device", don't get to execute code in this execution environment. Even when you unlock the bootloader and Magisk-root your device, only vendor-signed code will be accepted by the TEE. This unfortunate setup limits third-party security research to the observation of input/output behavior and static manual reverse engineering of TEE components. In this talk, we take you with us on our journey to regain power over the highest privilege level on Xiaomi devices. Specifically, we are targeting the Xiaomi Redmi 11s and will walk through the steps necessary to escalate our privileges from a rooted user space (N-EL0) to the highest privilege level in the Secure World (S-EL3). We will revisit old friends like Trusted Application rollback attacks and GlobalPlatform's design flaw, and introduce novel findings like the literal fiasco you can achieve when you're introducing micro kernels without knowing what you're doing. In detail, we will elaborate on the precise exploitation steps taken and mitigations overcome at each stage of our exploit chain, and finally demo our exploits on stage. Regaining full control over our devices is the first step to deeply understand popular TEE-protected use cases including, but not limited to, mobile payment, mobile DRM solutions, and the mechanisms protecting your biometric authentication data.
Zhongrui Li, Yizhe Zhuang, Kira Chen
The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a victim's phone number, an attacker could launch a remote, zero-interaction attack against the WhatsApp application on Apple devices, including iPhones, iPads, and Macs. Subsequent reports indicated that WhatsApp on Samsung devices was also targeted by similar exploits. In this presentation, we will share our in-depth analysis of this attack, deconstructing the 0-click exploit chain built upon two core vulnerabilities: CVE-2025-55177 and CVE-2025-43300. We will demonstrate how attackers chained these vulnerabilities to remotely compromise WhatsApp and the underlying iOS system without any user interaction or awareness. Following our analysis, we successfully reproduced the exploit chain and constructed an effective PoC capable of simultaneously crashing the target application on iPhones, iPads, and Macs. Finally, we will present our analysis of related vulnerabilities affecting Samsung devices (such as CVE-2025-21043) and share how this investigation led us to discover additional, previously unknown 0-day vulnerabilities.
Helena Nikonole
This presentation examines artistic practices that engage with sociotechnical systems through tactical interventions. The talk proposes art as a form of infrastructural critique and counter-technology. It also introduces a forthcoming HackLab designed to foster collaborative development of open-source tools addressing digital authoritarianism, surveillance capitalism, propaganda infrastructures, and ideological warfare.
tippel radio
Das "tipple radio" ist eine Collage von Singer-Songwriter-Konzert und szenischer Lesung. Es trägt gecoverte und selbstgeschriebene Songs und Medleys von Punk über Hamburger Schule bis Schlager mit Gitarre und Gesang vor und verknüpft die Inhalte der Songs miteinander. Es entsteht ein Geflecht von Musik und Text, dass Aufbrüche in Abgründen aufzeigt und Hoffnung macht sich gegen die Faschisierung in der Gesellschaft zusammen zu schließen.
Einschiss
Einschiss ist DER Ausnahmekünstler zwischen den Stationen Paracelsus Bad und Rathaus Reinickendorf der U8. Gefangen im Körper eines Mannes mit Charaktermodell German_default_3_bearded.obj macht Einschiss Musik gegen die Dinge die nerven: Nazis, Arbeit und Consent Forms (und Arbeit). Dabei setzt er modernste Technologien ein, um einen Typen so klingen zu lassen, als wäre es ein Typ mit Backing Track. Für mehr Musiker:innen hat das Bier nicht gereicht. Sorry.
elenos
Das Konzept ist simpel: Wir singen zusammen. Im Angebot haben wir vier Kategorien: Politische Classics, Punkrock-Hymnen, Antifaschistische Jodler und Umverteilungs-Hits des Quartiersmanagements Grunewald in der ansprechenden Karaoke-Variante. Man muss nichts können. Mit charmanter Anleitung manövrieren wir uns zusammen durch kollektive Dissonanzen!