Mona
In this talk, I will describe how my team and I systematically exploited around a dozen home-rolled network encryption protocols used by popular mobile apps like RedNote, Alipay, and some of the most popular mobile browsers in China to encrypt sensitive information. I'll demonstrate how network eavesdroppers could access users' browsing history and mobile activity. This is a systemic issue; despite our work on the above protocols and the resulting vulnerability disclosures, this plague of home-rolled and proprietary encryption is still at large. I will end by discussing how we got here, re-affirm the age-old adage, “Don’t roll your own crypto!”, and call on hackers around the world to help us move towards HTTPS everywhere.
Shipei Qu, Zikai Xu, Xuangan Xiao
We present a comprehensive security assessment of Unitree's robotic ecosystem. We identified and exploited multiple security flaws across multiple communication channels, including Bluetooth, LoRa radio, WebRTC, and cloud management services. Besides pwning multiple traditional binary or web vulnerabilities, we also exploit the embodied AI agent in the robots, performing prompt injection and achieve root-level remote code execution. Furthermore, we leverage a flaw in cloud management services to take over any Unitree G1 robot connected to the Internet. By deobfuscating and patching the customized, VM-based obfuscated binaries, we successfully unlocked forbidden robotic movements restricted by the vendor firmware on consumer models such as the G1 AIR. We hope our findings could offer a roadmap for manufacturers to strengthen robotic designs, while arming researchers and consumers with critical knowledge to assess security in next-generation robotic systems.
Paul Koetter
It is 1976 and the USA long stopped going to the Moon when a Soviet automatic landing station called Luna 24 descends to the Lunar surface. It touches down on 3.3 Billion year old rock formations at a place no mission has ever gone before. What exactly happened remains a mystery to this day, but the space probe managed to take a 2.3 m long drill core from the Lunar regolith, packaged the sample in a genius way and launched it for its voyage to Earth. Some days later the sample entered earths atmosphere and landed in remote Siberia and ended up in our hands more than 50 Years later. We tell the story of the sample, the people that brought it to Earth and how we analyzed it with the newest methods including µm sized high intensity X-ray beams, 30kV electron beams and LN2 cooled infrared spectrometers.
Anne Lüscher
**Over the past few decades, nucleic acids have increasingly been investigated as alternative data storage media and platforms for molecular computing. This talk builds on past research and introduces another branch to the field: DNA cryptography based on random chemistry. This technology provides a platform for conceiving new security architectures that bridge the physical with the digital world.**
Philo
What does knitting have to do with espionage? Can embroidery help your mental health? This talk shows how the skills to create textile art have enabled people to resist and to persist under oppressive regimes for centuries. And it offers ways to keep doing so.
Johann Rehberger
This talk demonstrates end-to-end prompt injection exploits that compromise agentic systems. Specifically, we will discuss exploits that target computer-use and coding agents, such as Anthropic's Claude Code, GitHub Copilot, Google Jules, Devin AI, ChatGPT Operator, Amazon Q, AWS Kiro, and others. Exploits will impact confidentiality, system integrity, and the future of AI-driven automation, including remote code execution, exfiltration of sensitive information such as access tokens, and even joining Agents to traditional command and control infrastructure. Which are known as "ZombAIs", a term first coined by the presenter as well as long-term prompt injection persistence in AI coding agents. Additionally, we will explore how nation state TTPs such as ClickFix apply to Computer-Use systems and how they can trick AI systems and lead to full system compromise (AI ClickFix). Finally, we will cover current mitigation strategies and forward-looking recommendations and strategic thoughts.
Bernd
A brief history of typographic misbehavior or intended and unintended uses of variable fonts. Nine years after the introduction of variable fonts, their most exciting uses have little to do with what variable fonts originally were intended for and their original promise of smaller file sizes. The talk looks at how designers turned a pragmatic font format into a field for experimentation — from animated typography and uniwidth button text to pattern fonts and typographic side effects with unintended aesthetics. Using examples from projects such as TypoLabs, Marjoree, Kario (the variable font that’s used as part of the 39C3 visual identity), and Bronco, we’ll explore how variable fonts evolved from efficiency tools into creative systems — and why the most interesting ideas often emerge when technology is used in unintended ways.
Hendrik Ballhausen
Der Trend geht dahin, aus Gesundheitsdaten große zentralisierte Datenbanken aufzubauen. Eine datensparsame Alternative dazu ist, in einem verschlüsseltem Netzwerk gemeinsam auf verteilten privaten Daten zu rechnen, ohne sie miteinander teilen zu müssen. Perspektivisch können so demokratischere Datenströme geschaffen werden, die Patient:innen als aktiv Teilhabende statt als passive Datenquellen einbinden. Kommt mit auf eine Reise, die vor sechs Jahren in Deutschland gestartet ist und jetzt die erste europäische klinische Studie mit Secure Multiparty Computation (SMPC) realisiert hat.
Marco Wähner
Der Vortrag diskutiert Herausforderungen dezentraler Netzwerke aus soziologischer Perspektive. Als dezentrale Netzwerke werden technische Infrastrukturen verstanden, die nicht von einer zentralen Autorität, sondern verteilt über Instanzen zur Verfügung gestellt werden. Nutzer:innen profitieren von dieser Infrastruktur, nutzen beispielsweise das Fediverse oder das Tor-Netzwerk, ohne zur Infrastruktur beizutragen. Zugleich können dezentrale Netzwerke nur dann bestehen, wenn hinreichende Ressourcen von Personen oder Organisationen mobilisiert werden, um das Netzwerk überhaupt zur Verfügung zu stellen. Dies führt zur originären Instabilität dezentraler Netzwerke, wenn nicht der Weg der Kommodifizierung des Nutzer:innenverhaltens eingeschlagen wird. Aufbauend auf dieser Zustandsbeschreibung, werden Bedingungen erörtert, um Kollektivgüter wie dezentrale Netzwerke organisatorisch (und nicht technisch) herzustellen. Hierzu zählen Partizipation oder die Idee einer öffentlichen Grundfinanzierung. Der Vortrag wird neben soziologischen Ideen und harten Zahlen auch durch eine ordentliche Portion Idealismus zu Fragen der Souveränität und Autonomität in der Digitalisierung motiviert.
Mike Perry
HostileShop is a python-based tool for generating prompt injections and jailbreaks against LLM agents. I created HostileShop to see if I could use LLMs to write a framework that generates prompt injections against LLMs, by having LLMs attack other LLMs. It's LLMs all the way down. HostileShop generated prompt injections for a winning submission in OpenAI's GPT-OSS-20B RedTeam Contest. Since then, I have expanded HostileShop to generate injections for the entire LLM frontier, as well as to mutate jailbreaks to bypass prompt filters, adapt to LLM updates, and to give advice on performing injections against other agent systems. In this talk, I will give you an overview of LLM Agent hacking. I will cover LLM context window formats, LLM agents, agent vulnerability surface, and the prompting and efficiency insights that led to the success of HostileShop.
chaeza + doc
Dj Set
Lila-Zoé Krauß
L Twills aka Lila-Zoé Krauß ist Musikerin, Performerin und Multimedia-Künstlerin. In ihrer Arbeit entwickelt sie eine transdisziplinäre Opernpraxis, um Fragen zur (post-)moderner Subjektivität und ihrer Beziehung zu Medien, Trauma und Erinnerung zu thematisieren. Sie studierte Bildende Kunst an der HFBK Hamburg und dem CalArts Los Angeles sowie Sound Studies an der UdK Berlin. In ihrer Musik kombiniert sie Elemente aus Downtempo, Experimentalmusik, Breakbeat und Oper mit eigens entwickelten Sounddesign-Techniken. Krauß veröffentlichte 2020 und 2024 die Vinylalben [Freedom/Fiction] und [After her Destruction] und performte auf diversen Bühnen, u.a.: Documenta Fifteen (Kassel), Kampnagel (Hamburg), Volkstheater (Wien), Montez-Press Radio (NYC), NAVEL (Los Angeles).
Weebz
WEEBZ likes to move between the odds, the rough and the soft: Breakbeat, dissonances, noise and sounds of deep dungeons belong to their mixes as well as the hymns of our hearts Most of the time the genres are mixed to an eclectic collection mirroring own confusions in the spirit of making the unmatching matching xx