Welcome to Hacking in Parallel.
Let's fire this up.
We'll look at the role IT and software play in modern manufacturing, with a twist on the semiconductor industry. Since I'm a security guy, we'll mostly focus on the sorry state of that.
It gives an overview of the Matrix world, showcasing and spotlighting projects and developments.
The goal of the workshop is to educate people enough to run their own Matrix homeserver and federate with others.
The US military made massive use of devices for the biometric registration of people in Afghanistan. Some devices were left behind during the hasty withdrawal of NATO troops. In analysing such devices we found large amounts of biometric and other personal data. In the wrong hands, this data puts the lives of people in Afghanistan and Iraq in danger.
Nazis, Querdenken and other conspiracy-ideology marches: what options are there for blockading legally, in accordance with assembly laws and in negotiation with the police and assembly authorities? A how-to from the experiences at @QuerstellenDD.
Learn Arduino using TV-B-Gone as an example project
You've probably heard lots about Arduino. But if you don't know what it is, or how you can use it to do all sorts of cool things, then this fun and easy workshop is for you. As an example project, we'll be creating a TV-B-Gone remote control out of an Arduino you can take home with you.
Workshop exploring Regenerative design in the context of a rural community art and hackerspace in the small Welsh speaking town of Caernarfon in rural North Wales.
In IT security we have been preoccupied with failures, with things that go wrong, and so we count the negatives -- the times when we failed. How about we seriously started counting the positives? More importantly, what if by adding more and more constraints to avoid the holes we have found, we are also removing the positive capacities in the system, thereby hurting our chance of success more than we hurt our chance of failure? In this talk, I will try to highlight how IT security could be done differently, by trying to focus on what goes right, rather than only focusing on what goes wrong, learning from our successes, and reinforcing them, so when next time the storm comes, we will have enough positive slack in the system to withstand the attack.
Have you ever wondered how fabric is actually woven? In this discussion I will take you along for the journey from initial concept to final wearable product of a high-fashion modern-designed wool scarf. Topics from the chemistry science of fiber and dyeing to the utilization of computer-assisted pattern design will be covered.
The C programming language first appeared in 1972 and became enormously popular. It has this magical combination of features that allows developers to quickly write portable code that can be reused and easily ported to different architectures. It has been the foundation of most operating systems and systems programming in the past 50 years.
Because future quantum computers will be particularly good at breaking classical encryption, other forms of key generation are needed.
One possible solution is the generation of so-called quantum keys, which exploit a peculiar property of quantum mechanics.
Instead of using single photons, in the workshop we will generate a key with the quantum key generator developed specifically for this purpose, Qey-Gen for short. That way everyone can try out and understand the procedure hands-on.
Going through the reasoning and design decisions made while creating pentagon shaped PCBs and a case for a 12 sided platonic solid.
The "Enhanced Border Security Partnership" poses an unprecedented threat to civil liberties in Europe.
Stand-up hacking - 8 dynamically allocated slots (5 min presentation + 5 min conversation with the audience)
Past hacks here: https://berlinhackandtell.rocks
In this workshop you will learn C through many hands-on exercises of varying difficulty or bring-your-own projects. Everyone will be learning on their own time; the only requirement is motivation! Groups are welcome as well, and if you have already started a small project I can also provide you with a small review and perhaps ideas on how to improve.
The platform will be mostly Linux and UNIX/POSIX (BSD, macOS, Solaris) due to personal experience there, but Windows is possible as well (with a bit more limited help). Alternatively the Windows Subsystem for Linux can be used to develop and target Linux from Windows.
We summarize how to secure Kubernetes clusters in critical infrastructure and give insights from the machine rooms.
In this panel, we'll bring current and former hacktivists together to discuss their experiences and their opinions on how this form of activism has evolved through the years and what space it'll have in the future of activism around the world.
I will talk about why perimeter security is no longer a useful security principle, what could replace it and how to migrate.
A look into present and upcoming binary package repository management tooling for pacman-based distributions such as Arch Linux, which can also be used by individuals hosting their private repositories.
Following on from the failure of COP27 and recent events that seem to show that our models underestimated climate sensitivity to CO2 by at least an order of magnitude, it appears that climate chaos is unavoidable. How we build everything from now on will have to have resilience built in at its core, but this is very different to the way we have previously thought about technology. This talk aims to describe some of the problem space and how the presenters' experience with disasters and crisis has shaped some of their work in the payments technology space.
Introduction to open-source PDKs for making custom ASICs and the work involved in taping out a small systolic array using only open-source tooling, and also applications to systolic arrays.
Fully automated puppet theater, 17 minutes (starts on demand)
Clemens Schöll, 2020
In the "little automation theater" the story is told of the princess (who wants to move to Berlin after her art studies), Kasperle and the Wohnungsbot (apartment bot - who must realize that there are no technical solutions to social problems). The stage adaptation of the software success!
It is useful to separate the economics and scams that surround cryptocurrencies from the systems being built within their auspices. This talk will provide a survey over the distributed systems and cryptographic advances over the last couple years that you may have missed within the hype.
A few years ago I came up with an idea to help myself that would later develop into a video game project. It has taught me more than I would have expected so far and I would really like to share those things with you!
DISCLAIMER: This talk may touch on some triggering topics. We will give a heads up before mentioning them within the talk so you can choose to leave the room or put some headphones on temporarily. We hope this works for you!
Librevent is a browser extension allowing any user to copy and republish (“scrape”) data about events posted on proprietary platforms onto free libre and open source decentralized networks.
For now, Librevents focuses on liberating events data (description, date and time, location) from Facebook onto Mobilizon, an alternative event-management platform that is part of the Fediverse.
The intention behind Librevents is to feed alternative ethical platforms like Mobilizon with content, in order to help them counter the “network effect” (users staying on Facebook because the information is only available there). The concept of “data liberation” could later be applied to other types of contents and platforms.
The data we liberate is initially posted as a “public event” by the organizer. We make this data truly “public” and available on free platforms, without violating the organizer’s original intentions.
Learn to solder by making a cool, powerful music synthesizer, and learn to generate cool music, sound, and noise! with computer chips -- for total newbies
This workshop introduces basic concepts of x64 binary exploitation on Linux.
The workshop consists of a collection of increasingly difficult pwn challenges and is accompanied by a presentation and set of slides that first introduce basic concepts and then apply them to those challenges.
Not only since the Pegasus Project, which exposed the surveillance of numerous activists, journalists and opposition figures by the NSO Group's Pegasus state malware, has state malware posed a threat to the privacy of those affected and their contacts. In order to make such attacks visible and provable, analyses are needed using methods and tools similar to those used by security agencies, but which should be open source and adhere to ethical standards of consensual forensics. In our workshop we want to give an overview of what approaches, methods, and tools are suitable for these analyses to best perform forensic data extraction in a civilian context and present what tools and scripts we have developed ourselves. We all work in civil forensics ourselves and want to share our experiences on what has worked for us and what has not.
The presented tools are of course not only suitable for the search of state malware, but also for any other malware such as stalkerware or ransomware.
The aim of this talk is to explore public usage of social media and reactions to different hostilities in 2022 utilizing topic modeling and social network analysis.
Matthias Maurer describes the Moon as our springboard to Mars. And not only for missions to the next planet, but also for far more distant destinations where no human has gone before, it will be essential to use the Moon as a training ground. With the help of our CubeR, the surface of the Moon is to become accessible to both science and industry. Our nano-rovers, developed according to an open standard, provide a foundation for exploring the infinite expanses of space.
A short introduction into sinter based FFF/FDM metal additive manufacturing at home (as far as it can be done)
Most open-source projects have a limited lifetime: at some point in time development stops and the project becomes unmaintained. A lot of projects often do not even reach the stage where they are used by a critical mass of users.
In this talk, I will go through the steps of continuing an open-source project using my lessons learned from forking Google's MyTracks and crafting it into OpenTracks.
Over the past couple of years, I've grown a new hobby of programming retro puzzle games in the Go programming language. This led to my first commercial puzzle adventure game, Dr. Kobushi's Labyrinthine Laboratory, being published on Nintendo Switch while being written fully in Go!
But isn't Go a network applications language? Can you really have fun creating all sorts of games in Go? Not only is the answer a resounding "yes", but you can then easily compile your game to ship it for Windows, Mac (including notarized, Universal apps), Linux, iPhone, Android and even Nintendo Switch!
In this workshop, we'll create a simple arcade game together using Go and the Ebitengine game library for Go. Basic knowledge of the Go programming language is recommended, but not much else!
Most bug bounty platforms list subdomain takeover as "not in scope", but could it be interesting anyways? Yes! This talk will show you what this kind of problem is and how it can be mitigated at scale (and where it isn't).
The world is getting more digital and activism is as well.
But the world of IT security can seem overwhelming and it's easy to feel lost and helpless. In this talk I want to present the IT security guidelines that I am developing right now. They are meant to help activists find fitting security measures for a given activism project, without being 300 pages long or overly complex. Ideally they empower non-technical individuals to protect their data better and make informed decisions about their personal IT security.
Want to learn reverse engineering? Looking for the tool assisting you in reversing almost everything? With Frida, you can reprogram software during runtime, so-called hooking, and view or change the program logic without source code access.
From regular furniture to geodesic domes.
With an extra of: why you shouldn't repair your ceiling for free (and I did it anyway)
Ever wondered why the Linux desktop is shifting to the Wayland protocol? What exactly makes it "better", how exactly do its internals work and how could YOU utilize it? I'll give you a quick rundown!
In this workshop I'll walk you through the process of designing and making stencils using a laser/vinyl cutter. Come if you've ever wanted to cover something in paint. No arts skills needed!
We're creating a network of maker networks – very meta indeed. Through this we want to leverage the potential of open hardware for digital innovation, skill building and job creation.
Lightning Talks Day 2 -- limited to 15 minutes
Zapps are a portable packaging format for Linux executables that works on every distro, ever -- and indeed, even on FreeBSD. Warpforge is a build sandboxing and package releasing tool based on hashes-go-in-hashes-come-out, hyperfocused on reproducibility and explainability. Both are part of a quest to build a more freely-composable story for how we work with our computers and share our software.
Videorecording of a Sci-Fi Marionette-Theatre-Extravaganza that never happened
We define and explore two versions of hope: blind and cognitive. What's the difference between them and do we need—or can we even have—a version of those? In other words: is there hope for this world?
DNS over CoAP is a new Internet protocol that gives constrained IoT devices name resolution security similar to DNS over HTTPS. This talk presents the protocol and discusses its benefits over other DNS solutions.
Hare is a new systems programming language for writing free software. This talk will introduce the language and share some of its essential ideas.
All over the world, people in makerspaces, hackerspaces and open workshops are working to solve the problems of their communities.
The History, State, and Potential of Scientific Journalism, For a More Accountable and Reproducible Media Ecosystem.
Learn how to program LED strips. It's super easy and fun to make your life trippy and beautiful. For total beginners.
Today, age verification in e-commerce implies identity verification, one way or the other. In this talk, we first look at existing solutions for age restriction and their shortcomings. We then present a design for a privacy-friendly method that binds age restriction to the ability to pay (rather than identification) and that is aligned with the principle of subsidiarity. We show how this scheme is integrated with the GNU Taler payment system, making it the first fully privacy-friendly payment system with age restriction.
Learn how to easily go from an idea to a professional-looking LED project. Including designing and creating your own PCBs and cases, why this is so much fun, and why all of this is easier than you expect.
Many websites need interactive maps - be it for directions or interactive data visualisations. Commercial map services are very expensive and problematic from a data privacy perspective, and building your own vector map service often fails due to the very high technical complexity. With OpenCloudTiles, an open stack is being developed that is free of proprietary licences. It was designed from the beginning to be easy to use for beginners as well as flexible for experts. Michael Kreil presents the progress made, the next steps and the problems that still need to be solved.
In this talk we want to take a short journey through the technical foundations of the international university Wi-Fi network "eduroam".
Trading of zero day vulnerabilities is still possible and common.
But what does that mean for their judicial admissibility? Can the analysis results of the phone's data be used in court if vulnerabilities for the device are available at zero-day vendors?
Are you the kind of person who enjoys putting weird stuff into web forms and watching them try to handle that? Would you put yourself on the chaotic side of an alignment chart? Is your reaction to "there be dragons" to invite the dragons in?
In that case, this talk may be for you. I want to explain some of the most common kinds of unexpected input on a level that beginners should be able to understand.
Learn how to make LED strips glow and how to plan & build your own LED project!
A plea for anonymous, low-threshold, legally secure and ethical disclosure processes
When the federal government says "Hack me!", it can hardly hold security researchers to account afterwards under the hacker paragraph. That is the core idea of the Buntes Bug Bounty.
Reporting security vulnerabilities and data leaks is currently a risky and laborious undertaking in Germany. Experience shows that 60 - 80% of the effort goes into documenting the vulnerability and the data leak in such a way that the security researchers cannot be attacked legally.
Both the EU [1] and the German Bundeswehr [2] already have established offerings here. Accordingly, as part of the BSI's cyber security dialogue [3], we started the project "B3 - Buntes Bug Bounty" in September of this year. The goal of the project is to develop an ethical, low-threshold and legally secure reporting process for security vulnerabilities and data leaks. The talk will present the current state of the discussion and invite participation in it.
[1] https://joinup.ec.europa.eu/collection/eu-fossa-2/about
[2] https://www.bundeswehr.de/de/security-policy
[3] https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Leistungen-und-Kooperationen/Digitaler-Verbraucherschutz/Projekt-Dialog-fuer-Cyber-Sicherheit/Dialog-fuer-Cyber-Sicherheit_node.html
The field of AI security, or more specifically ML security, is only just developing. Although a growing number of attack types on ML training data, training, models, and deployments have been discovered, there is no agreement on a clear taxonomy yet. In this workshop we will look at different ML attack types and try to come up with a systematization and a mapping to cyber/infosec attack types and tools.
A talk about space station linguistics.
And why many things are not what they seem.
Everything started with a Python script that helped discover a memory leak in the Linux Bluetooth stack. After expanding it to a rock-solid fuzzer targeting the Linux Bluetooth stack and discovering more bugs, we extend it to Wi-Fi. 💥 BOOM 💥! A heap overflow (CVE-2022-41674) and more severe vulnerabilities that do not require user interaction and also affect Android devices.
70% of all people experience "impostor syndrome" at least once in their life. In this workshop we will explore the phenomenon and the feeling in ourselves and in a group setting by discussing and trying out some of the techniques that have been found useful in countering the paralyzing effects.
Lightning Talks Day 3 -- limited to 15 minutes
On 10 November the IT Planungsrat (IT Planning Council) adopted the framework for the German administration cloud. We look at its content and discuss the consequences for IT infrastructure in public authorities.
This contest has a simple principle: the presenter sees the slides of their presentation for the first time when their talk begins.
Since May 2022, negotiations have been under way on a comprehensive new surveillance programme of the European Union, which has already gained dubious fame as 'Chatkontrolle' (chat control). According to the EU Commission's plans, under the guise of child and youth protection, communication and hosting services, whether encrypted or not, are in future to be obliged to scan all content and forward suspicious material and 'grooming' to a central body closely tied to Europol. The Germany-wide alliance Chatkontrolle Stoppen! and the European campaign StopScanningMe.eu are trying to prevent these dystopian plans.
My printer is only supported through proprietary drivers using a custom CUPS filter to convert PDFs/Images/... into a printer-specific Page Description Language such as PJL or PCL. However, CUPS is to deprecate filter-based printer drivers in favor of IPP, which every new printer supports. Mine doesn't. However, CUPS/OpenPrinting have designed PAPPL, a library to turn old printer filters/drivers into "Printer Applications". These are self-contained (and thus sandboxable) small daemons that provide an IPP server on localhost for applications to interface with, and spit out the commands necessary to talk to the printer in question. My goal is to write such a printer application for my printer. I had no previous knowledge of printing in general and on Linux and UNIX/macOS specifically, so this is taking rather long (and is by no means finished).
Live music set by Eigenform, an electronic music and multimedia project.
Screening of the horror movie "Masking Threshold" by Johannes Grenzfurthner
Two projects on different timelines. Future Tech and Ancient Tech! Together at Last!
Decentralised social media services, after spending decades in obscurity, are finally seeing mainstream adoption. While they offer the promise of a communication platform without a corporate overlord, they struggle to be a safe place for many users. In this talk, I explore the ways that decentralised social platforms struggle with moderation and harassment in a way that many previous platforms didn't. I will explore the ways things like Mastodon struggle to protect its users from harassment, what people are doing there now to mitigate the problem, what past platforms did to address this problem, and possible solutions currently being explored.
Hacking the badge is not hard, once you get over the initial hump of setting up your system. We will show you a way to get up & running in minutes, to unleash your creative hacker powers.
An art form and a natural science. Opposites that are hard to reconcile at first glance, yet a second look is worthwhile…
Cross-Site Scripting (XSS) is still the most common security issue on the web, with no easy way to prevent it. The talk will provide the necessary background on XSS and where previous approaches failed. Then we will present the Sanitizer API, a new and upcoming browser API that solves this issue.
Review & Closing done by crew