Lectures


Opening – Dimitri “Hobbybob” Modderman

Yet another edition of Hackerhotel. During this talk Dimitri will welcome you all.
Want to see last year’s opening?
Check it out HERE.

Dimitri is a laser enthusiast building his own lasercutters and laserprojectors, and is chairman of the Bitlair hackerspace in Amersfoort. Since 1991 he has organised LAN parties and in 2013 he was Head of LOC (Light Operations Center) at the Dutch hacker festival OHM2013.

Hack your body, One implant at a time – Patrick Paumen

I’ll show and demonstrate how I use my 9 RFID & RFID/NFC tag implants to interact with different RFID readers in door locks and other electronics. How I’ve used cloning devices to clone different RFID cards/keyfobs to my implants. I’ll demonstrate the newest prototype implant (VivoKey) which I use for PGP encryption/decryption/signing and for 2-factor authentication. Also answers to common questions like “what if you have to go through security at an airport? can the implants break? what if you need an MRI?”

Bio Patrick Paumen:

Patrick Paumen is a biohacker who has been experimenting with implants since 2011. He has 15 implants total; 5 biomagnets and 9 RFID transponders from biohacking company Dangerous Things. The biomagnets allow Patrick to sense magnetic fields, as well as lift small objects. The different RFID implants are mostly for access control applications like unlocking doors at his home, office, and car, as well as unlocking his smartphone and logging into his laptop. He can also share contact details or other data, control electronics, and measure body temperature. His latest implant is VivoKey from Dangerous Things, which is capable of running security software and performing cryptographic tasks. Patrick has been featured in multiple national and international media publications, including the Wall Street Journal and documentaries about cyborgs.

A talk about social engineering – ijskimo

The world is a crazy place. If you tell someone that there are 3×10^22 stars in the universe, he believes you immediately, but if you say that the paint on a door is still wet, it always has to be touched first. The latter is less strange than it seems. The world is full of lies, after all. Big and small. Your boss, a friend, the salesman at the MediaMarkt. It seems as if there is always a hidden agenda.

I am a Social Engineer. From a young age I have occupied myself with this art of influencing. The world of tricks and half-truths has always fascinated me. Whether it concerns magicians or other artists of influence. I want to know how, and above all why, it works. After graduating I worked for a long time at a company that carried out security tests and gave training courses. There I was able to immerse myself in many exciting scenarios, which I then got to try out in practice. In 2009 I decided to trade commercial IT for a job with the national government, where I now work in a knowledge centre. In addition, I regularly teach at securityacademy in Woerden.

Not only at work but also in my private life I regularly see situations that catch my interest as a social engineer. Some stories are fun or interesting enough to share.

Wifi Tracking Enschede:
The good, the bad and the ugly – Dave Borghuis

Since September 6th 2017 the municipality of Enschede tracks the shopping public by means of citywide WiFi tracking. Even though the “Autoriteit Persoonsgegevens” indicates that these are unwanted practices, the municipality went ahead and commissioned the company CityTraffic to execute this.

Dave filed a complaint with the municipality of Enschede to stop WiFi tracking.
In his talk he speaks about the official rules that apply here, his experience with the municipality of Enschede and CityTraffic, and the current status of his complaint.

Keynote speech Friday 16th of February
Fifty shades of Nasty – Eward Driehuis

Three years ago, risk was easy. If you had money, organized fraudsters would go after that, if you had secrets, spies would like to have those. Today, activists and nation states blend into the mix. Techniques, tactics and procedures are blending and blurring.

 

Bio:
Since 1 March 2017, Eward has been responsible, as Chief Research Officer, for research within SecureLink. A security veteran with a background as a designer, he has a passion for cybersecurity and innovation, and extensive experience in fighting cybercrime. He has stood alongside both law-enforcement agencies and large multinationals. Over more than 20 years, Eward has worked with banks, governments and corporates from the US to Australia. His CV includes the roles of CTO and business director and, for the past 8 years, Director of Product Management and Marketing at Fox-IT. He has also helped several companies break through internationally in software and security.

SHA2017 Badge talk – Anne-Jan Brouwer / Bas van Sisseren

A talk about the realisation of the badge for the SHA2017 event. A small history of electronic conference badges. From the ideas and goals we had in mind to the final result that ended up in the hands of 3600 hackers. We take a deep dive into the problems we encountered in designing the badge hardware and software.

Biography Anne Jan Brouwer

Anne Jan Brouwer has worked since 2001 as a software developer and as what is nowadays called a DevOps engineer. He currently works at NoProtocol, a development agency in Amsterdam, and in his spare time he works on various open-source projects.

When the SHA2017 hacker event was announced, Anne Jan committed himself to realising an electronic event badge, as related events abroad have. Initially he did so by making proofs of concept of the desired techniques, and later in the project as software lead, realising the integration of low-level drivers, high-level abstraction and an app repository.

Twitter: @annejanbrouwer

Biography Bas van Sisseren

Bas van Sisseren graduated in 2007 in Computer Science at the University of Twente, in the field of Embedded Systems.

During his studies he was one of the founders of Quarantainenet BV, where he has since worked as a malware researcher on developing detection methods for malware at the network level.

Outside of his studies and work, too, Bas has been occupied with security and embedded systems from an early age. Out of that interest he became involved with the team that developed the SHA Badge. Within that team Bas was jointly responsible for the low-level software layer and all aspects that came with it.

Twitter: @Sisseren

Bug ID : 1408647 – Roy van Dongen
Decryption, E_WHUT?! and why we should be afraid of it.

That green lock right next to your banking website… what does it mean, and does it always mean you are really secure? In this talk we will see what decryption is, and how it can be abused to see your private data.

About Roy:

Roy is a 32-year-old security researcher and fanatic. Ever since he had the chance to poke around in old hardware, he has been working with technology. While he currently works strictly in (network) security, he has already done a lot with large network infrastructures and next-generation firewalling. Decryption, however, is on his NO-GO list. Don’t ask him to spy on your employees, guests or other people, because you will get into a discussion!

Roy is one of the founders of Pixelbar Hackerspace Rotterdam, is a member of Hackalot Eindhoven and even hangs around with Bitlair every now and then.

Gigatron, the TTL microcomputer

Abstract:

What happens when a hacker gets his hands on a heap of 7400-series TTL chips, an oscilloscope and a soldering iron? In 1975 Wozniak famously made Breakout out of 44 such chips. When the MOS 6502 and Zilog Z80 were launched one year later, his Apple 1 started the microcomputer revolution. But were these processor ICs really necessary for that? One year ago we ordered a bunch of such ICs, bought an oscilloscope and started hacking. The result is a fully functional microcomputer from 36 TTL chips, ROM, RAM, some diodes, etcetera, but most importantly: no microprocessor. This talk explores the hardware design, the software stack and the capabilities of our result we now call “the Gigatron”.

Although small, the Gigatron has very interesting functionality. The talk explains how the Gigatron works and how it differs from a regular PC. Some interesting design decisions were made that keep the hardware very simple yet powerful.

About Walter:

Walter Belgers is a hacker, having worked in IT security for all his life, the majority as a penetration tester and currently as a security officer at Philips. He is also the chairman of Toool, the Open Organisation of Lockpickers. He has been soldering since the 1970s but this is the first time he has helped make something that is actually useful.

This won’t hurt…..much!  – Jelena Milosevic

Hospitals can be attractive places for hackers. With access to critical medical records and personally identifiable information, there is great opportunity to exploit patients. Health care workers are very busy and, more often than not, there is not a lot of interest in computer security. Privacy and the protection of computer records sometimes gets put on the back burner, and caring for the devices used in hospitals is an after-thought, meaning that computers and other devices are not updated in a timely manner and are prone to vulnerabilities.

I see vulnerabilities on all levels and in all roles and locations in the hospital – in software, devices, and with humans. The consequences of bad security are huge and can cause harm both to the patient and to employees. Criminal behaviour can go unnoticed for long periods. Without proper security controls patient records can be manipulated. You can imagine the consequences; they can happen. Security needs to be built from the ground up so that employees understand the risks at all levels and can do all they can to protect the patient. We must build awareness programmes and develop processes and procedures that are possible to follow, thereby creating a higher level of security to ensure that our patients are not in danger.

This presentation will expose the risks and vulnerabilities in hospitals and aims to start driving the discussion and generation of ideas for procedures to avoid the dangerous pitfalls that put lives in peril. My goal is to ensure that we create a safe and secure environment for our patients and employees.

Bio:
A pediatrician and ICU nurse with a lot of experience, working at many different hospitals in the Netherlands. Over the past 3 years active in the infosec community and applying the knowledge of infosec to the healthcare world to improve the security of the environment for patients and the medical staff. A member of the I Am The Cavalry group and a part of the network of Women in Cyber.

Lasercutters on the cheap – Martijn Zilverschoon

Cheap Chinese laser cutters are very tempting to buy because of the very low price point. But there are many pitfalls and bad bargains. In this talk I will tell you about the troubles and revelations I had with the CW3040 laser cutter. Of course I will cover what went wrong, what to watch out for and things like that.
Before I dived into cheap laser cutters, I already had some experience with CNC machines.

About Martijn:

Started to tinker with electronics and mechanical stuff at a young age; programming followed soon after that as well. Worked on and repaired Garmin GPS devices for a while. Did some construction work for a while and after that started my own company to tinker with electronics and hardware.

If (network == server) { magic happens } – Attilla de Groot

Cumulus Linux is a NOS that runs on 50+ different hardware platforms used in data centers. Automating a server infrastructure with DevOps tools and a CI/CD environment is common today. What if your network acts like a server: can you do the same?

About Attilla:

Attilla has spent the last 15 years at the cutting edge of networking, having spent time with KPN, Amsterdam Internet Exchange, and HP, with exposure to technology from Cisco, HP, Juniper, and Huawei. He now works for Cumulus Networks, the creators of open networking, where he is able to continue his interest in open architecture design and automation.

Home-automation with OpenHAB and KNX – Bart Meijer

For my new home I am going to do a lot of home automation eventually. To start off with the lighting, I am going to use KNX to control the lights and receive user input. OpenHAB will run separately on a Raspberry Pi and receive events from and send events over the KNX bus. I will talk about why I chose this technology and how I am planning to implement it. I will also go a bit in-depth on the KNX system.

Stalking the stalker, how I caught and handed over a digital stalker – Mischa Rick van Geelen

It was a normal day in September 2016 when I got a message request from someone on Facebook. Normally I never answer those, but this time was different. I got a message from someone who claimed to have been stalked for 1.5 years already. Out of desperation the person contacted me, because a friend of the person saw me on television.

What unfolded was a series of events which eventually led to the very interesting situation of me tracking and handing over a digital stalker.

About Mischa:

Mischa is an experienced IT forensic security researcher, speaker and entrepreneur. Because of his insights into the technologies of today and the impact and dangers of the Internet on society, Mischa is able to bring business and hackers closer to each other.

In his spare time, he reports security vulnerabilities to organizations in an effort to make the digital landscape safer. Mischa also takes care of his workshops, presentations and lectures on the dangers of the Internet for more and better awareness within organizations.

 

 

Become a speaker!

Participants of Hacker Hotel give lectures and workshops in all kinds of disciplines and levels.

Giving your own lecture, whatever the skill level, is greatly appreciated! Contact us!

We have multiple rooms, which give you the opportunity to give a talk for an audience.
If you want, we can provide a recording too (high quality recording, including titles), so you can also practice new material during Hackerhotel, or look back later to review your presentation skills.