MCH2022

To see our schedule with full functionality, like timezone conversion and personal scheduling, please enable JavaScript and go here.
09:00
09:00
420min
DIY on the music stage
Party Area

DIY
Can you juggle three routers, while fixing circuitboards? Come show us!!
Have othe mad skillzz? Want to perfom for a crowqd (smal, big or random)?
The floor is yours, come see Team PartyArea if you want to use our stage to inform the masses of your skillset
whether it be speed Disk Jockeying, upside-down keytar slinging, riff-raff building, G-string quartetting, card tricks or sheep farming
you can come up on stage and grab your 15 minutes of fame. Dazzle them with your Awesomeness!!

Music Stage 🎤
Music Stage 🎤
16:00
16:00
60min
Jam session: Music Created by Hackers
Chris van 't Hof, Party Area

Each day 16.00-17.00 anyone who can play an instrument is welcome on the Music stage to join our jam session. Bring you guitar, synthesizer, bagpipe, voice or anything you are capable of playing. Drums and amplifiers are already there. The best songs created by hackers, we will perform again on the 25 July at 22.00.

Music Stage 🎤
Music Stage 🎤
17:00
17:00
50min
⚠️ May Contain Hackers 2022 Opening
Elger "Stitch" Jonker

⚠️ Warning! This talk may contain hackers. There may be hackers in the room. There may be hackers surrounding the room. There may be hackers recording this. There may be hackers listening in. There may be hackers that exfiltrate data. There may be hackers wearing shirts. There may be hackers carrying spying devices. OH NO! There are hackers EVERYWHERE! What can we do now, except having a party?

MCH2022 Curated content
Abacus 🧮
18:00
18:00
60min
Breaky breaky
Party Area

Realistic dramatisation of what is needed to load in an act on a stage.
Our local area techs will be joined by the guest acts in building up the equipment needed to perform during the laser and fire shows.

.

Music Stage 🎤
Music Stage 🎤
18:00
75min
The Silicon Passion
SETUP, de Transmissie & Rodrigo Ferreira

What do big tech, synthesizers, the crucifixion and Matthäus Passion have in common? Find the answer in the tech performance The Silicon Passion. We’ve all embraced big tech —but is it a warm hug or a strangulation? Bear witness to a debate of biblical proportions between tech nerds, technology and its users. In The Silicon Passion SETUP, in collaboration with de Transmissie (David Schwarz en Derk Stenvers) and Rodrigo Ferreira, is looking for a way out of the pit that technology has created for them.

MCH2022 Curated content
Abacus 🧮
19:00
19:00
120min
Surface Mount Electronics Assembly for Terrified Beginners
Kliment

In this workshop, we will learn how to assemble tiny parts on circuit boards by building an electronic touch-activated purring kitten. Anyone can do it. Yes, even you who never touched anything electronic before. Takes 120mins, 20€/kit, avoid caffeine immediately before. Max 10 participants per session, sign up on PAPER at the Hardware Hacking Area.

MCH2022 Curated content
Hardware Hacking Area 🤖
19:30
19:30
120min
Electronic Music clinic by professionals
Party Area

Electronic Music clinic by professionals
Every evening we have a specialty clinic with professionals provided by DJ Spock
Tonights clinic will be hosted by:
3D63 and Kookie
Demo situated on a realisticly recreated festival stage.

.

Music Stage 🎤
Music Stage 🎤
20:00
20:00
30min
The Best Worst Thing
Mikko Hypponen

This is a submission for a keynote talk at MCH2022. The Internet is both a familiar, comfortable place as well as a bottomless rabbit hole you can lose yourself in. The Internet has always been like this from its inception, the difference now is the scale and consequences are almost immeasurable - and it tests the limits of human imagination. When you look into the mirror of the Internet what you see reflected back depends on what you are looking for. It has become largely a reflection of yourself.

MCH2022 Curated content
Abacus 🧮
20:00
30min
Using Passcrow to recover from lost passwords
Bjarni Rúnar Einarsson

Have you ever forgotten a passphrase or lost a hardware token? Lost access to enough Bitcoin to buy a pizza or two? Encryption is fundamental to securing our liberties, but key and password management remain difficult even for professionals, let alone the general public.

This talk presents Passcrow, an Open Source project attempting to address one of crypto's largest usability issues: password and key recovery in a decentralized environment.

MCH2022 Curated content
Battery 🔋
20:40
20:40
50min
Bring Your Own IDentity
Rick van Rein, Henri Manson

Thanks to DNSSEC and DANE, it is possible to automatically verify user@domain.name identities by checking with domain.name servers. The real problem however, is integration with existing protocols, instead of inventing something completely new and perhaps web-only. The purpose of our work on Realm Crossover mechanisms has been to design generic solutions that extend many different application protocols, without changing their protocol specs.

MCH2022 Curated content
Battery 🔋
20:40
120min
Build a PolyCoin crypto miner (Game, not real crypto)
Michael Turner

Work in teams to assemble all the parts of the PolyCoin crypto miner units together in to a complete unit and then deploy it within MCH. This will include surface mount soldering, through hole soldering, cutting, laminating, using programming software, to fully assemble and build a working unit.

MCH2022 Curated content
Envelope ✉️
20:40
50min
Detecting Log4J on a global scale using collaborative security
Klaus Agnoletti

Utilizing collaborative security to collect data on attacks we were able to detect Log4J in a quite unusual but effective manner. We'll show you how CrowdSec enables the entire infosec community to stand together by detecting attempts to exploit a critical 0day, reporting them centrally thereby enabling anyone to protect themselves shortly after the vulnerability was made public. The unusual part is that this is done using FOSS software and by analyzing logs of real production systems but in a way that doesn't compromise the anonymity of anyone (except the attacker, of course) and doing so with a reliable result where poisoning and false positives are almost impossible. Too good to be true? Come by and judge for yourself!

MCH2022 Curated content
Clairvoyance 🔮
20:40
50min
Hacking the genome: how does it work, and should we?
bert hubert

Building on the very well attended DNA presentations ("DNA: The Code Of Life") at SHA2017, this talk will cover:

  • A brief recap what DNA is and how it works
  • It is surprisingly digital!
  • How reading DNA is within 'pro-sumer' reach now
  • (I might bring a live demo for after the talk)
  • An overview of DNA editing technologies (offline, and online: on living organisms)
    • Including the famous CRISPR-CAS, but also newer variants
  • How does such editing actually work in a lab?
  • The surprising lack of a definitive link between most DNA mutations and any effect
  • Could you hack your DNA? Will people start doing this?
  • Should we try to stop them?
  • Wild speculation on what this might mean for the future

The goal of this presentation is to provide real non-hyped information on what DNA editing is and what it might achieve. And since we are hackers, I hope to explain how a hackerspace could start reading DNA right now with USB-powered hardware. And finally, since no hacker can resist tinkering: could you hack your own genome, or your cat's, or improve on your favorite plant?

MCH2022 Curated content
Abacus 🧮
20:40
90min
Hactivism and Mental Health - CyberWell
Sonia

A workshop format interactive lecture to tackle subjects of mental health and h/activism. A conversation about on/offline identity, isolation, burnout, depression, and social anxieties while trying to connect to those around us to fulfill the desire of "belonging".

MCH2022 Curated content
Gear ⚙️
20:40
180min
Public speaking for technical people. You can do it too!
Peter

As a technical person, you work with complicated and often important matters. Public speaking is essential to get your message across, be heard, and be valued. In this workshop, you will improve your public speaking skills. The workshop is based on the methods of Toastmasters International.

Training

MCH2022 Curated content
DNA 🧬
21:00
21:00
90min
Meet The Parents
Family Zone Speakers

Meet The Parents is a FamilyZone activity: Just getting to know the other parents (and maybe kids). Bring your beverage of choice and come hang out for a bit so you know who's who. This workshop is TLP:RED

Note: FamilyZone content, to be held in front of FamilyZone Workshop tent tonight, friday 21:00.

Family Zone 👪
Family Zone 👪
21:40
21:40
50min
Keep Ukraine Connected
Sander Steffann

In March 2022 the Global NOG Alliance (GNA) started the Keep Ukraine Connected task force to help network operators in Ukraine during and after the invasion. These are our experiences. A simple idea turned into an interesting logistics puzzle with a steep learning curve into customs rules.

MCH2022 Curated content
Battery 🔋
21:40
50min
M̶a̶y̶ Will Contain Climate Change
Igor Nikolic

A multi-disciplinary lecture and follow up discussion about sustainability from the hacker perspective. It will combine the state of the art scientific knowledge and evidence with observations on the cultural dynamics of the hacker community. It is the continuation of the series started at OHM 2013, SH2017, Balccon 2019 and Bornhack 2019

MCH2022 Curated content
Clairvoyance 🔮
21:40
50min
What if locks could talk; what stories would they tell?
Jan-Willem

Most security implementations leak information, mechanical security is no different. It takes sharp eyes, a soft touch, and a good hearing to distinguish between information and noise. In this talk we will go in depth on how locks works, and how we can persuade them to disclose their secrets, and open them without damage.

MCH2022 Curated content
Abacus 🧮
22:00
22:00
120min
Real time IRL performance
Party Area

Fire and laser show featuring background music
No imitation stage would be complete without an act that makes it look legit.
Tonights performance is hosted by:
TRIGGRRD
TRIGGRRD is an experimental live music performance with a vision on rhythms, inspired by beats & bass orientated genres.
Demo situated on a realisticly recreated festival stage.

Music Stage 🎤
Music Stage 🎤
22:30
22:30
60min
Can’t get you out of my head: Telemetric hacking of medical deep brain stimulators
Isabel Straw

Help protect deep brain implants from malicious attacks! Following a case in our own hospital of a patient with a malfunctioning Deep Brain Stimulator (DBS), we want to improve our understanding of these technologies and their susceptibility to malicious hacks. This workshop will describe the medical case of a patient with a failing DBS, we will present the DBS system and we will ask you to hack into it! Help us improve patient neurosecruity by suggesting possible exploits and vulnerabilities.

MCH2022 Curated content
Gear ⚙️
22:40
22:40
50min
The tooling ecosystem that adds joy to KiCad
Kliment, cpresser

A number of people have built wonderful and useful tools to make the life of KiCad users easier. cpresser and Kliment are here to give you a tour of a number of the most useful addons, and show you what they're good for and how they can improve your life.

MCH2022 Curated content
Clairvoyance 🔮
22:40
50min
Wired Norms: Inscription, resistance, and subversion in the governance of the Internet infrastructure
Niels ten Oever

Warning (but don't be afraid): this talk contains an overarching theory of the workings of Internet governance (with an emphasis on human rights)!

The rules of the road for the Internet infrastructure are designed in different governance bodies, such as the Internet Engineering Taskforce (IETF), the Internet Corporation for Assigned Names and Numbers (ICANN), and in Regional Internet Registries (RIRs).

I will showcase how Internet governance institutions are tied together through 'the infrastructural norm of interconnection'. This concept helps explain how Internet governance works and why many social and legal norms, such as human rights and data protection, get resisted and subverted in the governance of the Internet infrastructure.

This talk is the outcome of 6 years participation in and research of Internet governance institutions and processes, and is suitable for both issue matter experts and people who never heard of Internet governance before.

MCH2022 Curated content
Battery 🔋
23:00
23:00
120min
Multiple DJ's on one stage: pushing the next generation of audio systems to the limits
Elger "Stitch" Jonker

The sound system in the Abacus stage is promoted by HOLOPLOT as 'a new era of audio'. The system, called X1, allows for horizontal and vertical directional audio control, which opens up the door for lots of new creative possibilities. Everything from defying the conventional behaviour of sound such as mitigating reflection and reverberation - to dividing a space into virtual zones each with unique audio content, all from a single sound system. Imagine the left-hand side of a room listening to a conference in French and the right-hand side in Japanese. Each side is unaware of the other.

During this session engineers from HOLOPLOT will collaborate with a bunch of DJs and musicians (which might include you) and take the chance to unleash some creativity in the tent! A mini-mission to find out what this new era of audio really means! This is an experimental session that features a wide selection of audio: various styles of music, sound effects and field recordings. You might be dancing to live mashups, where the vocals of the left and right sides of the room differ, you might find yourself standing in the middle of Times Square.

When attending this session it will be rewarding to walk around in the tent, as different parts of the tent can contain different soundscapes and experiments. Join this session to see what the possibilities are for this technology as we push to discover its potential and its limitations!

If you want to play something on stage, be there at 22:30 during the session buildup.

MCH2022 Curated content
Abacus 🧮
00:00
00:00
120min
Silent contemplation in A-major
Party Area

Let the nights peacefullnes flow over you while listening to some tunes provided by anyone who feels like it.
We'll be using headsets as to not bother our neighbours with our audiological zen moment
Distribution of these will be handled through the tent on the field, that's also the place to return them.
Demo situated on a realisticly recreated festival stage.

Music Stage 🎤
Music Stage 🎤
09:00
09:00
420min
DIY on the music stage - please go there!
Party Area

DIY
Can you juggle three routers, while fixing circuitboards? Come show us!!
Have othe mad skillzz? Want to perfom for a crowqd (smal, big or random)?
The floor is yours, come see Team PartyArea if you want to use our stage to inform the masses of your skillset
whether it be speed Disk Jockeying, upside-down keytar slinging, riff-raff building, G-string quartetting, card tricks or sheep farming
you can come up on stage and grab your 15 minutes of fame. Dazzle them with your Awesomeness!!

Music Stage 🎤
Music Stage 🎤
10:00
10:00
180min
Building public, dynamic webapps using Micropython on the ESP32
Bjarni Rúnar Einarsson

This workshop will introduce upagekite, an open source micro-framework for building dynamic, public webapps using Micropython on the low-cost ESP32 system-on-a-chip.

This session will start with participants plugging the ESP32 (an ESP32-CAM devkit) into their laptops for the first time, and by the end of it they will have a running web server on the public Internet - running in a few hundred KB of RAM on a chip that costs only a few euro.

MCH2022 Curated content
DNA 🧬
10:00
90min
Create your own dough monster with lights for eyes!
BjornW

Using a DIY conductive dough/clay you will create your own creatures and adorn them with working (basic) electronics like LED's and buzzers. Always wanted to create a snail with blinking lights? Or a lovely heart with lights? This is your chance! This workshop is aimed at kids (4 - 10yrs) Supervision of an adult is required. The dough uses food coloring and is made using basic food ingredients. Food allergies? Check the recipe in our repository before taking part!

MCH2022 Curated content
Hardware Hacking Area 🤖
10:00
90min
How to make your project more inclusionary
pascoda

Let's talk about our projects and surroundings, and how their setup may be discrimnating.
Let's find barriers, and think about ways of to remove or bypass them.
Whether it's about your hackspace being way too white and able-bodied, your IT project being too male-dominated, or your leftist intiative somehow being very non-working class: let's find a way to figure this out and make your surroudings more diverse and equitable.

MCH2022 Curated content
Gear ⚙️
10:00
50min
Literally Hacking the Planet: How Earth Systems Models Work
Smári McCarthy

People have been modeling different parts of Earth's systems for decades, on different scales and with different goals from short term weather forecasting through actuarial risk prediction to long term climate models. In this talk I'll explore some of the typical models, methods, data formats, infrastructure layouts and design assumptions that go into such models, and discuss some low hanging fruit available to improve them.

MCH2022 Curated content
Abacus 🧮
10:00
90min
Make a minigame or fractal with Scratch (also available when back home)
confiks

Scratch is a awesome language and tool to get started with programming in a playful and creative way. This workshop is intended for complete beginners as well as those who already have some experience with Scratch.

Not able to attend the workshop? Follow the steps on the field or at home: https://scratch.cmptr.nl


Scratch is een geweldige taal en een programma om aan de slag te gaan met programmeren door een beetje creatief te klooien. Deze workshop is bedoeld voor zowel beginners als mensen die al wat ervaring met Scratch hebben.

Kan je er niet bij zijn? Je kan de stappen ook op het veld of wanneer je terug thuis bent volgen: https://scratch.cmptr.nl

MCH2022 Curated content
Envelope ✉️
10:00
50min
Running a Domain Registrar for Fun and (some) Profit
Q Misell

Ever wondered what happens behind the scenes when you click buy on that domain for a new side project that'll definitely happen (you will get to it eventually, right)? Well this is the talk for you! We'll cover all the extremely cursed details of how exactly one sells and manages a domain, the standards for this (or lack thereof), and some pointers for how you could get started managing your own domains directly, if you're not completely put off by this talk's contents.

MCH2022 Curated content
Clairvoyance 🔮
10:20
10:20
30min
Screaming into the void: All e-signatures in the world are broken!
Kirils Solovjovs

E-signatures in your country are insecure.
They have been hacked 10 years ago.
Everyone knew that but no one wanted to talk about it since there is no easy fix.

We decided to create a PoC and poke the government with it.

This is a story on what happened.

⭐ PoCs included ⭐

MCH2022 Curated content
Battery 🔋
11:00
11:00
50min
Respirators, Runtime Errors, Regulations – A Journey into Medical Software Realization
Bettina Neuhaus

Medical devices come in all shapes and sizes, and a great deal of them contain – or consist of – software. If they are faulty, they can kill. We’ll talk about different types and classes of medical devices, the regulations that try to ensure their safety and what all of this means for medical software projects.

MCH2022 Curated content
Battery 🔋
11:00
50min
The art of online discobingo
Tijmen Swaalf

This presentation will includes insights in starting your own online pirate radiostation, the mathematics of bingo cards, keeping participants data up to GDPR standards, Fitbit-statistics, and the optimization of bingo winner-calculations. This presentation will also at one point include a guy in an ice cream cone costume with an offensive name, as well as an optional disco bingo party with songs supplied by visitors to the conference.

MCH2022 Curated content
Clairvoyance 🔮
12:00
12:00
60min
Break
Abacus 🧮
12:00
30min
Everything is an input device (fun with barcodes)
Muse, Jasper

If we consider technology sufficiently advanced indistinguishable from magic, then the closest we get to ancient magical glyphs are barcodes. In this talk, we will show how barcodes are not just simple numbers, but can be used to control the machines.

MCH2022 Curated content
Battery 🔋
12:00
90min
Popsicle Bridge Building Competition
The Anykey

Need a break from your Keyboard? Join this competition to build a bridge out of popsicles and hot glue. Every team will get a fixed set of popsicles, a hot glue gun and glue sticks. You will have 1 hour to build your bridge, after that the real competition starts. Each bridge will be tested till destruction to decide the who will win.

MCH2022 Curated content
Gear ⚙️
12:00
50min
bug hunting for normal people
knud

A series of isolated problems encountered when attempting to fuzz software, in this case Adobe Reader (DC), and hackish solutions to said problems. Constructing a fuzzing pipeline capable of finding real bugs by stringing together freely available tools creating the bare minimum of glue.

MCH2022 Curated content
Clairvoyance 🔮
12:30
12:30
30min
HSNL: Funding 101: NLnet and NGI
Auke van Slooten

A short introduction in funding your projects with EU NGI (Next Generation Internet) funds, presented by Michiel Leenaars from NLnet. NLnet is a foundation with long roots in the dutch internet. One of the founding internet access providors, today they manage a number of different funds. This talk will explain how to successfully apply for EU funding for your amazing next generation internet project.

HSNL
HSNL Village (Muze / NLnet tent)
13:00
13:00
60min
Break
Battery 🔋
13:00
50min
Digital Civil Disobedience
Marleen

Greenpeace is a direct action organisation. We have been doing physical direct civil disobedience actions for 50 years now. Civil disobedience has always played an important part in evolving democratic society if you look for instance at womens’ voting rights, the civil rights movement in the US and de ‘klimaatspijbelaars’. The digital realm is becoming more and more important in all of our lives. That is why we are working on a research project on what digital civil disobedience can look like. This is something else than mere ‘clicktivism’. What are the differences and similarities of online and offline civil disobedience? How do you 'drop' a digital banner or how do we digitally 'occupy' a building or mine? During this talk we want to tell about this project and give you an insight look on how we prepare disobedient actions at Greenpeace.

MCH2022 Curated content
Clairvoyance 🔮
14:00
14:00
60min
Break
Clairvoyance 🔮
14:00
50min
Honey, let's hack the kitchen: attacks on critical and not-so-critical cyber physical systems
Daniel Kapellmann Zafra

Attacks on cyber physical systems are perceived as necessarily complex and requiring significant time and resources. However, in the last couple years we have also observed the inverse: simple attacks where actors with varying levels of skill and few resources gain access to software and interfaces that control physical processes. These compromises appear to be driven by ideological, egotistical, or financial objectives, taking advantage of an ample supply of internet-connected cyber physical systems. This is sometimes concerning, for example when it is affects panels for controlling processes in a water facilities or manufacturing processes. Sometimes, though, it is absurd, such as when the critical systems actors claim to compromise are in fact toys or domestic appliances. In this talk, we will share a series of stories of success and failure involving low sophistication compromises on cyber physical systems. We will describe the different types of cases we have observed, what the actors did, and how you can reproduce them for good. At last, we will discuss to what extent these crimes of opportunity represent a risk to cyber physical systems and what we can do about it.

MCH2022 Curated content
Battery 🔋
14:00
120min
Make fun graphs with your whatsapp chats
Richard

Using Splunk to analyze your Whatsapp chat data. Find out who was sending the most messages, who was chatting in the middle of the night, or how many chats you will recieve in the future.

In this workshop we will make fun graphs using your own whatsapp data from one chat. We will start with extracting your whatsapp data en import it into the provided Splunk server.

Family Zone 👪
Family Zone 👪
14:00
180min
UBports: Workshop Beginning Ubuntu Touch App development
Jeroen Baten

Last year we developed an Ubuntu Touch Application Development training and printed a training book.
In this workshop our trainer Felix and assistant Terence will help you with your first steps developing for Ubuntu Touch, right on your own laptop!
We have material to fill 2 days, so it will never get boring.
If you already have Docker pre-installed on your laptop the startup should be quick.
The first 30 participants will receive their own copy of the Ubuntu Touch App dev book for free!

MCH2022 Curated content
Gear ⚙️
14:00
60min
“You give me fever, fever all through the night": Hack attacks against wireless medical devices and the virtual patient
Isabel Straw

Protect our patients from healthcare hacks! The increasing availability of telemetric medical devices has great potential to improve patient care. Yet, smart medical devices are hackable and previous case studies have described the life threatening implications of healthcare hacks. We invite you to a workshop run by doctors who are looking for your input on a series of commonly used telemetric medical technologies. Help us improve patient care by exploring potential vulnerabilities and solutions.

MCH2022 Curated content
DNA 🧬
14:45
14:45
90min
Introduction to quantum networks
Wojciech Kozlowski

The vision of a quantum internet is to enhance existing Internet technology by enabling quantum communication between any two points on Earth. Such a quantum internet will—in synergy with the “classical” internet that we have today—connect quantum information processors in order to achieve unparalleled capabilities that are provably impossible by using only classical information, such as distributing encryption keys secured by the laws of quantum mechanics, more efficient distributed agreement, or private delegated quantum computation. The first quantum entanglement networks have been realised in a lab including a software and network protocol stack for executing platform-independent applications. In this workshop we will introduce the basic concepts underpinning the quantum internet and take you through developing your own quantum network application running on a (for now) simulated quantum internet using the Quantum Network Explorer platform.

MCH2022 Curated content
Envelope ✉️
15:00
15:00
120min
Climate Crisis: The gravity of the situation. What is going on?
Igor Nikolic

Goal is to discuss the gravity of the situation and create shared set of ideas on what is likely coming at us.

We will do a Threat Modelling exercise around the climate change topic. Via a collective mind mapping exercise we will create a shared mental model and identify the things that will happen and how they will affect various people at various locations.

Emergent 🌍
Emergent Earth
15:00
30min
Reclaiming our faces
kantorkel, Lotte Houwing - Bits of Freedom, e-punc

What are the risks and problems of face search engines like Clearview AI and PimEyes? Since institutional protection against these systems is failing us, how can we protect ourselves against this? Three people involved in the fight against biometric mass surveillance share their experiences and reflections. Come to this talk to exchange experiences, learn what tools there are for your protection, how to use them and how you can help stop the creep of mass surveillance technologies.

MCH2022 Curated content
Battery 🔋
15:00
30min
What have you done against covid (a personal retrospective)
Anne Jan Brouwer, Lord BugBlue

From complaining out loud about a televised government app-a-thon to being hired by the Ministry of Health, Welfare and Sport as lead developer RoHS running a team of devs to work on all the covid backend infrastructure exception routes and making sure no person is left in digital limbo in just under an hour.

MCH2022 Curated content
Abacus 🧮
15:30
15:30
60min
Radio Amateurism via commercial satelite
Area 42 Workshops

This workshop will be held at the Area 42 village, which you can find behind the main music stage.

Ever want to broadcast live video cross half the globe via a commercial satellite? You actually can. Why? Just because it can be done.

What do you need? A radio amateur license, custom hardward, a significant investment in time, the compiled knowledge of the Britisch Radia Amateur Television Club and electronics skillz.

In this workshop Dustin will explain why there is a satellite in geo-statioary orbit that can be used by radio amateurs and what he did to be able to bouce live images 3600km up and back down, and demonstrate his gear.

Area 42 Workshops
Area 42 Workshops
15:40
15:40
30min
It's not just stalkerware
Chantal Stekelenburg

Stalking is unwanted and/or repeated surveillance by an individual or group toward another person. But what is the impact of tech companies making it easier to do this with the development of technology? In the news, we hear about the increase in stalkerware found on devices or scary government spyware. But it’s not just that, there are so many more common tools used by stalkers.

MCH2022 Curated content
Battery 🔋
15:50
16:00
16:00
60min
Break
Abacus 🧮
16:00
90min
Balloon folding for kids
Frank Breedijk

Give kids some balloons, pumps and instructions (on cards) an happy chaos is ensured.

Did you ever want to make you own balloon animal?

This is your chance. I will bring the balloons, pumps and instruction cards you do the rest.

90 minutes of fun and some chaos?

Are you an adult and want an actual workshop? Come to balloon folding for adults.

Are you an adult and know how to do this, I could sure use some help to survive the chaos ;)

Family Zone 👪
Family Zone 👪
16:00
60min
Jam session: Music Created by Hackers
Chris van 't Hof, Party Area

Each day 16.00-17.00 anyone who can play an instrument is welcome on the Music stage to join our jam session. Bring you guitar, synthesizer, bagpipe, voice or anything you are capable of playing. Drums and amplifiers are already there. The best songs created by hackers, we will perform again on the 25 July at 22.00.

Music Stage 🎤
Music Stage 🎤
16:05
16:05
90min
Badge workshop
BADGE.TEAM, Reinier van der Leer, Renze Nicolai

Not sure if this will happen, that fully depends on the availability of volunteers to give this workshop.

Might also become a FGPA workshop by Lattice.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam dapibus suscipit dictum. Aenean lectus neque, congue eu dui ut, fringilla laoreet urna. In ac nunc nec eros mollis tempor. Phasellus tortor sem, vestibulum vitae fringilla in, dapibus ac mi. Etiam vitae erat tincidunt magna dapibus iaculis at at quam. Proin dictum lacus non ex porttitor blandit. Suspendisse metus nulla, elementum quis pulvinar sit amet, placerat ultricies nunc. Donec malesuada vestibulum massa at molestie. Cras a ultricies lorem.

MCH2022 Curated content
DNA 🧬
16:20
16:20
30min
How I made the municipality pay a 600.000 euro fine for invading your privacy
Dave Borghuis

When gathering data for public services becomes privacy infringement and what you as a citizen can do about it. Or: How I made the municipality pay a 600.000 euro fine for invading your privacy.

In September 2017 The Municipality of Enschede started tracking visitor movements in the city center 24/7 by registering their mobile phones WIFI MAC addresses. Is this an infringement on our privacy, even when the underlying identities remain concealed?

MCH2022 Curated content
Battery 🔋
16:45
16:45
90min
Hacking group interaction protocols
Martin

Human interactions can be messy - especially in groups. Often we unconsciously follow bad protocols. Consciously thinking about how you interact in groups makes a huge difference. Come and experience some simple recipes for structuring interactions that include and involve everyone.

MCH2022 Curated content
Envelope ✉️
17:00
17:00
60min
Break
Battery 🔋
17:00
50min
Repair for Future
Fraxinas

This discussion will start with a brief summary on the history of repair initiatives. We can report about our personal repair activities during the pandemic. Subsequently, I'll outline the achievements of the right to repair movement and we can discuss ideas for the future.

MCH2022 Curated content
Clairvoyance 🔮
17:00
50min
Taking Action against SLAPPs in Europe
Naomi Colvin

SLAPP suits (strategic lawsuits against public participation) are nuisance lawsuits designed to get journalists, activists, historians, whistleblowers and others to keep quiet. This kind of lawfare isn't new, but there is an increasing focus on the issue in Europe, with new legislation coming. Here's where you find out more.

MCH2022 Curated content
Abacus 🧮
18:00
18:00
60min
Break
Clairvoyance 🔮
18:00
60min
Breaky breaky
Party Area

Realistic dramatisation of what is needed to load in an act on a stage.
Our local area techs will be joined by the guest acts in building up the equipment needed to perform during the laser and fire shows.

.

Music Stage 🎤
Music Stage 🎤
18:00
30min
Don't turn your back on Ransomware!
Erik Heskes

Ransomware is making a comeback and attacking us all! Learn and sharpen your blades in order to defend against this multi headed monster! There’s a lot to learn from every ransomware attack. By demounting every bit of the attack and looking at every stage there’s much to gain for setting up proper detection and other defence techniques

MCH2022 Curated content
Battery 🔋
18:00
180min
Gopass: a password manager in your terminal
Yolan Romailler

Gopass is a password manager based on PGP or age, that allows you to easily manage your passwords but also your team's passwords in a way that's fully transparent, easy to backup, easy to monitor and easy to use. It supports hardware tokens such as Yubikeys, it allows you to setup versioning using git easily and supports multiple "stores" from different remotes.
It integrates very nicely with a command line based approach and dmenu plus xdotools make it a breeze to use (unless you prefer to rely on the dedicated browser extension).

MCH2022 Curated content
Gear ⚙️
18:00
90min
How do we design trauma-informed financial systems?
Miholyn Soon

Our present discourse of trauma is commonly associated with significant events like war, sexual or physical violence - but there is a glaringly missing conversation about how living in other kinds of societal precariousness (like capitalism) affects our behaviours, attitudes and beliefs. This is also trauma, because trauma is not the event that happens to us, but the way we become psychologically organised around fear. I want to explore financial trauma as an example, and analyse its relationship with how it shows up in technological systems.

MCH2022 Curated content
DNA 🧬
18:00
30min
Reverse engineering the Albert Heijn app for fun and profit
Nick Bouwhuis

The Albert Heijn, everyone (in the Netherlands at least) knows it. It's the largest supermarket chains here. They have a very extensive API. This API is not public unfortunately, but in this talk I will show you how you can reverse engineer the app to figure out how the API works and how we can use it to our advantage.

MCH2022 Curated content
Abacus 🧮
18:40
18:40
30min
Electronic Locks: Bumping and Other Mischief
Michael Huebler (mh)

Modern electronic locks are often optimized for cost, not security. Or their manufacturers don’t do security research. Or they ignore it.
For whatever reason, many current electronic lock systems are susceptible to surprisingly simple attacks. We’ll look at some of them, and at the underlying basics, so that you can do your own research.

MCH2022 Curated content
Battery 🔋
18:40
30min
Hacking the Quincy Drawing Robot (and possible win one!)
The Anykey

This session will go over my journey to hack the Quincy drawing robot. This is a cheap 3-axis drawing robot, that uses a proprietary "closed" system. I wanted to hack this robot to draw Pokémon's for my son. I will explain how I deciphered the file formats, figured out how the robot could be controlled (which needed some very very difficult math!) and the software I made to create your own drawings.

BONUS: At the end of the session you can WIN one of these Quincy Robots!!!

MCH2022 Curated content
Abacus 🧮
18:45
18:45
90min
Building decentralized applications with IPFS
will scott

The Interplanetary Filesystem is an API and network for locating and fetching content-addressed data. This workshop will provide an interactive space to build applications using content addressed data, and provide guidance on potential decentralized answers to some common types of communication patterns.

MCH2022 Curated content
Envelope ✉️
19:00
19:00
60min
Break
Abacus 🧮
19:00
50min
HomeComputerMuseum, the making, the challenges and the importance.
Bart van den Akker

The HomeComputerMuseum's idea originated in 2016 and opened the doors in 2018. Since then, we faced several challenges but we came out on the other end and became one of the largest museums about computers with an award-winning social impact, an enormous social network, collaborations over the whole world and even are of essential importance to the Dutch government. The talk is about the original concept, how we build it to what it is now.

MCH2022 Curated content
Clairvoyance 🔮
19:00
120min
Surface Mount Electronics Assembly for Terrified Beginners
Kliment

In this workshop, we will learn how to assemble tiny parts on circuit boards by building an electronic touch-activated purring kitten. Anyone can do it. Yes, even you who never touched anything electronic before. Takes 120mins, 20€/kit, avoid caffeine immediately before. Max 10 participants per session, sign up on PAPER at the Hardware Hacking Area.

MCH2022 Curated content
Hardware Hacking Area 🤖
19:20
19:20
30min
RE-VoLTE: Should we stop the shutdown of 2G/3G to save lives??
Hendrik Rood

A lack of VoLTE standardisation breaks voice calling globally. Your brand new smartphone may not work because VoLTE is screwed up by manufacturers and carriers.
Voice-over-LTE (4G), voice-over-NR (5G) and voice-over-WiFi have been standardized for years, but now that more and more 2G and 3G networks are shut down by operators, users discover their phones don't work anymore with basic voice calling. The cause is a massive mess in standardization, with a boatload of options and settings and vendors and carriers interpreting it differently, masked by fall-back to 2G and 3G and lack of "international roaming" agreements for VoLTE.
Handset manufacturers decided to implement shortcuts (neglecting parts of the standards) or even worse, implementing white-lists with only mayor operators included, so you cannot switch operators anymore and are up for a big surprise while roaming in another country.
The result: Even your brand new phone might be unable to provide voice calling in one country but work in another. Voice-calling might work if you're lucky, but you cannot reach 112/911, the eCALL system in your car fails after 2G/3G shutdown or you cannot receive an SMS you need for remote Two-Factor-Authentication while roaming in another country.
It's such a disastrous mess, so should we stop the 2G/3G shutdown and get-it-fixed?

MCH2022 Curated content
Battery 🔋
19:30
19:30
120min
PubQuizzzzzzz
Party Area, BigBaldGeek

Anything about everything and all inbetween, get a crew together and join us to fight for the honorary title of "Galactic Know-it-all"
Do you have what it takes to be the very best? the best there ever was? Then this is your moment to shine!!
Powered by: SBP

Music Stage 🎤
Music Stage 🎤
20:00
20:00
60min
Break
Battery 🔋
20:00
50min
Free children from the digital stranglehold
Geert-Jan

The current digital educational system is dominated by tech giants. Fundamental rights, like the privacy, freedom and sovereignty of children, parents and educators are insufficiently secured. Ed-tech is mainly closed source and full of vendor lockins. Products are either overpriced, harvesting data, or both. The time to replace surveillance capitalist based Ed-tech by ethical open source alternatives is now. And our coalition for fair digital education is going to do it.

MCH2022 Curated content
Clairvoyance 🔮
20:00
50min
ICS stands for Insecure Control Systems
Thijs Alkemade, Daan Keuper

Last April we won Pwn2Own Miami by demonstrating five zero-day attacks against software that is commonly used in the ICS world. ICS, or Industrial Control Systems, are systems that are involved with running an industrial process, for example in a factory or power plant. Our targets range from SCADA to HMI systems. During this talk we would like to share details about the competition and the vulnerabilities we found.

MCH2022 Curated content
Abacus 🧮
21:00
21:00
60min
break
Clairvoyance 🔮
21:00
30min
Attribution is bullshit - change my mind...
Samantha Humphries

Borne out of a semi-flippant Twitter comment, this talk will take you on a journey across the benefits, pitfalls, and outright BS of attribution.

Expect passionate opinions, trenchfoot inducing war stories, head+desk frustration, and a strong meme game.

With this session, which is aimed at security practitioners, researchers, students, and anyone with an interest in cybersecurity, we hope to:
• Highlight the value of decent threat intelligence
• Establish why attribution can be valuable, but how it can be a distraction, or worse
• Inform people who are interested in attribution and threat intelligence as areas of study how they can pursue it

MCH2022 Curated content
Abacus 🧮
21:00
30min
FreeSewing: sewing patterns based on code
Lexander

Tired of clothing stores not having your size, or that you're stuck in between sizes? So was Joost de Cock, he didn't - and doesn't - like how clothing stores base their clothing sizes on an imaginary average person; every person has a different body. That got him to found FreeSewing: the open-source platform that translates custom measurements into well-fitting sewing patterns with code.

The platform is working towards becoming the Wikipedia of sewing patterns, with new patterns being released every few months, plus a bunch of guides on how to sew. The platform also provides guides for designers and developers, to transform patterns into code.

This system based on code allows not only for custom measurements, but also for tweaking the pattern (e.g. longer sleeves, or a crop top) and recycling parts of one pattern into another - whereas a traditional sewing pattern is based on the measurements of a perfect mannequin, which is then graded up and down for different body types, which is known to have many downsides.

This talk will not be held by founder Joost de Cock himself, but by an enthusiastic contributor. He will gladly go more in depth on how the code works, common pitfalls, the motivation behind it and how it helps against the rise of fast fashion - maybe encouraging some to pick up sewing themselves?

MCH2022 Curated content
Battery 🔋
21:00
90min
Power of Play! How to relearn playfulness.
Nancy Beers

Hacking = playing. Let me take you along in this playshop to discover and experience the power of a playful mind and the science behind it.
In this Playshop we will Play ourselves a way through a lot of the scientific proof about the positive effects of embedding it in your day to day life. Playful people are more creative, have more fun and are overall more happy and joyful. Come to this session and unlearn this stupid idea that playing is for children!

MCH2022 Curated content
DNA 🧬
21:30
21:40
21:40
50min
Decoding the Anker 3800 lock
gigawalt

The Anker 3800 is a mechanical lock that has both traditional pins as well as magnetic sliders. Can it be opened without the key? This talk discusses how the lock works in a master keyed system and how it can possibly be defeated. It will cover decoding, picking and key duplication.

MCH2022 Curated content
Abacus 🧮
21:40
50min
Electron microscopes - How we learned to stop worrying and love cheap lab equipment.
Peter Bosch, Peter Cywinski

A tale of sketchy^H^H^H^H^H^H^Hawesome online shopping, grimy scrap bins, and crazy DIY projects:
The adventures of a few friends who set up an electron-microscopy lab (and much more!) without breaking the bank. For all audiences: whether you just want to see some cool micrographs, hear a story of hacker adventure, or, want to set up your own SEM - this should be a good time.

MCH2022 Curated content
Battery 🔋
22:00
22:00
30min
Cryptography is easy, but no magic. Use it. Wisely.
Lord BugBlue

Using cryptography can give you easy assurances, keep data confidential and keep prying eyes from stuff where they should not be.

However it's not magic.
This talk is intended for programmers, users and software designers.

This talk is about hardcore mathematics while you should not have to understand what the mathematics are but what they do.

What does cryptography do: encrypt, decrypt, sign and verify.
How are certificates used in cryptogaphy and why are they totally not a magical thing.

It covers what cool hardware is available, open design and open source, hardware tokens and how to use TPM for cool features.

And last but not least: it contains best practices and warnings. After this talk you might be able to see what's snakeoil and what is real.

MCH2022 Curated content
Clairvoyance 🔮
22:30
22:40
22:40
30min
How to charge your car the open source way with EVerest
Marco Möller, Cornelius Claussen

We will give you a short overview over the current electric vehicle charging technology and why it sucks. Let's try to fix it with the open source software stack EVerest! We will explain the technology and architecture behind it and will invite you to join our efforts forward to a green sustainable transportation infrastructure.

MCH2022 Curated content
Abacus 🧮
22:40
30min
Non-Euclidean Doom: what happens to a game when pi is not 3.14159…
Luke Gotszling

We all know that the value of pi is a constant with a particular immutable value. Anyone who has done any graphical programming also knows that visual rendering relies not just on pi but trigonometry more broadly as well as other mathematical techniques. If we look into the source code of the first person shooter Doom we find that the value of pi used in the game is wrong. In this talk I will explore what happens when we subtly and not so subtly break math in the source.

MCH2022 Curated content
Battery 🔋
23:20
23:20
30min
Signal: you were the chosen one!
rysiek

This is a rant about how moving ecosystems are not a good reason for centralizing a crucial service, how stickers are no substitute for a desktop client that does not crash, and how effectively shutting out less popular OS platforms is just not cool.

MCH2022 Curated content
Abacus 🧮
23:20
30min
The smart home I didn't ask for
Nils Amiet

What happens when your home is “smart” before you even move in? More and more buildings are pre-installing smart devices that tenants didn’t ask for and may not want. These devices focus on comfort and convenience, an excellent focus as long as security is also considered. Given the deep integration these devices have, a vulnerable system could lead to devastating consequences like the loss of privacy and even unauthorized access. As a security researcher, these were my thoughts when I saw the tablet mounted on the wall of my new apartment.

In a short period, I discovered multiple vulnerabilities in the system. A concern for sure, considering the system allows for remote access and has integration with services in my apartment and the building. This talk will cover my path, my process, and coverage of the vulnerabilities I discovered.

MCH2022 Curated content
Battery 🔋
00:30
00:30
90min
Silent contemplation in A-major
Party Area

Let the nights peacefullnes flow over you while listening to some tunes provided by anyone who feels like it.
We'll be using headsets as to not bother our neighbours with our audiological zen moment
Distribution of these will be handled through the tent on the field, that's also the place to return them.
Demo situated on a realisticly recreated festival stage.

Music Stage 🎤
Music Stage 🎤
00:30
120min
TIC-80 byte jam
Anne Jan Brouwer, Dave Borghuis, Superogue, Blossom, Lynn, io

TIC-80 fantasy console Byte Jam is a friendly competition to livecode a demo in a relaxed atmosphere. This can take an hour or more depending on the inspiration and time needed of the participants. You could follow the suggested random chosen topic or do your own thing.

MCH2022 Curated content
Battery 🔋
09:00
09:00
420min
DIY on the music stage
Party Area

DIY
Can you juggle three routers, while fixing circuitboards? Come show us!!
Have othe mad skillzz? Want to perfom for a crowqd (smal, big or random)?
The floor is yours, come see Team PartyArea if you want to use our stage to inform the masses of your skillset
whether it be speed Disk Jockeying, upside-down keytar slinging, riff-raff building, G-string quartetting, card tricks or sheep farming
you can come up on stage and grab your 15 minutes of fame. Dazzle them with your Awesomeness!!

Music Stage 🎤
Music Stage 🎤
10:00
10:00
90min
Create your own dough monster with lights for eyes!
BjornW

Using a DIY conductive dough/clay you will create your own creatures and adorn them with working (basic) electronics like LED's and buzzers. Always wanted to create a snail with blinking lights? Or a lovely heart with lights? This is your chance! This workshop is aimed at kids (4 - 10yrs) Supervision of an adult is required. The dough uses food coloring and is made using basic food ingredients. Food allergies? Check the recipe in our repository before taking part!

MCH2022 Curated content
Family Zone 👪
10:00
50min
GPS ankle monitor hacking: How I got stalked by people from the Arab Emirates
Arno

Ankle monitors are devices typically used by law enforcement to track offenders, have you ever wondered how they work - which potential vulnerabilities they have or where to buy one ( or many )? This talk is about hacking electronic ankle monitors built by various Chinese manufacturers - and the protocols and software they use.

MCH2022 Curated content
Abacus 🧮
10:00
30min
IRMA and Verifiable Credentials
Daniel Ostkamp

Nowadays, when a user wants to authenticate mostly centralized systems, such as DigiD in the Netherlands, are utilized. Extreme events can impact the reliability of such systems. Decentralized, and more privacy-preserving systems, such as IRMA can help to build more reliable authentication infrastructures. With IRMA, a user can store signed attributes, such as their full name or address, within the IRMA mobile app. Subsequently, the user can disclose a subset of her attributes to parties during an authentication session. The Verifiable Credentials (VC) standard helps to make such systems interoperable, that is, users can use attributes across different credential systems. With a proof of concept, we show how to make IRMA VC-compliant.

MCH2022 Curated content
Battery 🔋
10:00
50min
Running a mainframe on your laptop for fun and profit
Jeroen Baten

Yes, this talk is about running your own mainframe on your own hardware. Mainframes are old, yes, but they are still very much alive. New hardware is still being developed and there are a lot of fresh jobs in this area too. A lot of mainframes run COBOL workloads. COBOL is far from a dead language. It processes an estimated 85% of all business transactions, and 5 billion lines of new COBOL code are written every year. In this session the speaker will help you in take your first steps towards running your own mainframe. If you like then after this session you can continue to build your knowledge of mainframe systems using the links provided during the talk. Come on in and learn the basics of a completely different computer system! And it will take you less than an hour to do that!

MCH2022 Curated content
Clairvoyance 🔮
10:00
90min
Threat modelling for hackers: a hands-on workshop
Arne Padmos

Systems created by humans may – no will – contain flaws. In order to shine a light on these flaws, you can use a technique called threat modelling. We will take a look at different threat modelling methods that empower hackers (and others) to study the architecture of a system.

MCH2022 Curated content
DNA 🧬
10:40
10:40
30min
Programming microcontrollers in Go using TinyGo
Ayke van Laethem

Go is often thought of as a server programming language, especially one used for microservices. However, I argue that it can also be a good language for much smaller systems: microcontrollers. Especially with the Internet of Things there is a need for a language that is safer, easier to use (harder to misuse) and easier to build and test.

MCH2022 Curated content
Battery 🔋
11:00
11:00
50min
Electric Vehicles Are Going To Suck; Here's Why
Jenny List

Electric vehicles present a real opportunity to take a step towards better designed, more reliable, and sustainable transport. Instead, electric cars have become nightmarishly complex gadgets whose limited lifespans will make them less sustainable than a diesel pickuptruck running on whale oil. This talk will explore the problem, and make a few suggestions as to what could be done about it.

MCH2022 Curated content
Abacus 🧮
11:00
50min
Heuristic Park (why we can fake it until we make it)
ijskimo

Why do we believe in fake news? What are news siloes? Why can't we seemingly find a solution to discussions like blackface or the corona-deniers How to break your bubble. This lecture discusses the psychological reasons as seen from the perspective of a social engineer.

MCH2022 Curated content
Clairvoyance 🔮
11:00
90min
Power of Play! How to relearn playfulness.
Nancy Beers

Hacking = playing. Let me take you along in this playshop to discover and experience the power of a playful mind and the science behind it.
In this Playshop we will Play ourselves a way through a lot of the scientific proof about the positive effects of embedding it in your day to day life. Playful people are more creative, have more fun and are overall more happy and joyful. Come to this session and unlearn this stupid idea that playing is for children!

MCH2022 Curated content
Gear ⚙️
11:20
11:20
30min
PSD2 a banking standard for scammers?
Jeroen

Payment Service Directive (PSD2) is a fairly recent directive in Europe when it comes to electronic payments. For most of us this has happened invisibly. Although this new directive creates a lot of opportunities for fintech companies it also puts the privacy of tenths of millions of people in the hands of private companies. This talk will discuss the opportunities this will provide within Europe both for Fintech's... and scammers.

MCH2022 Curated content
Battery 🔋
11:30
11:30
30min
Running a Minecraft server for your kids
haakjes

If you have young kids, you might not want them playing Minecraft on public servers with strangers. This talk describes my experience in running my own Minecraft server for my kids and their friends, using different clients (Minecraft Bedrock on tablet and Minecraft Java on desktop) and how to give every player a "safe space" where others cannot blow up the creations you've spend days on creating them. The target audience of this talk is not the kids playing, but the parents that try to run the Minecraft server.

Family Zone 👪
Family Zone 👪
12:00
12:00
60min
Break
Abacus 🧮
12:00
50min
A Brief History of Automotive Insecurities
Martin

Automotive hacking hasn't started with Miller/Valasek in 2015 - and it hasn't ended with it, either. This talk will give an overview of automotive insecurities of the past ~10 years, a brief history of some kind. I will also provide an outlook on what the future on four wheels might hold, security-wise.

MCH2022 Curated content
Clairvoyance 🔮
12:00
50min
Freedom, Ownership, Infrastructure, and Hope
Eleanor Saitta

How should we live together? How do we make a complex, interdependent, infrastructural society less exploitive? In this talk, we'll try to frame questions, if not answers, grounded in the context of the political changes required to mitigate and survive climate change, global fascism, and hypercapitalism.

MCH2022 Curated content
Battery 🔋
12:30
12:30
30min
HSNL: Funding 101: NLnet and NGI
Auke van Slooten

A short introduction in funding your projects with EU NGI (Next Generation Internet) funds, presented by Michiel Leenaars from NLnet. NLnet is a foundation with long roots in the dutch internet. One of the founding internet access providors, today they manage a number of different funds. This talk will explain how to successfully apply for EU funding for your amazing next generation internet project.

HSNL
HSNL Village (Muze / NLnet tent)
12:40
12:40
30min
IOT: International Outage Technology (Disclosure of DIVD-2022-00009)
Frank Breedijk

DIVD researcher Jelle (aka SchizoDuckie) has a hobby. He likes to find credentials in places where they don't belong, like GitHub and Postman. And this hobby has gotten him into many places he should not have, like the Dutch Tax office and many larger company.

But, in February 2022 he found an account with an even bigger reach, an account who's abuse could mean trouble for our national critical infrastructure. His simple GitHub query uncovered a secret that could switch off a country, now what...

MCH2022 Curated content
Abacus 🧮
13:00
13:00
60min
Break
Battery 🔋
13:00
90min
A practical approach to parsing
Frans Faase

Many parsing tools and generators have been developed starting from a certain parsing algorithm. In the past twenty years, I have worked on a parser tool with a focus on usability and being intuitive. Not necessarily producing the most efficient parser, but one that is fast enough for practical purposes. The workshop will start with the most elementary aspects of parsing from examples and gradually explain all the complexities of writing grammars and explain the solutions to them.

MCH2022 Curated content
Envelope ✉️
13:00
50min
Building a cheap laser harp for percussionists
Klaas van Gend, Pascal Ahout

A laser harp is a magic musical instrument that makes sounds from light beams.
Ever since Jean-Michel Jarre used a laser harp in his live concerts to play Rendez Vous 2, many people have dreamt to play one. But they are ridiculously expensive!
Klaas van Gend will discuss his ongoing journey with Pascal Ahout to design a cheap and simple laser harp suitable for a local percussionist group. A revolutionary simple laser harp, using only an Arduino board, and no moving parts.
Hopefully, at the time this talk happens, the design is ready to be demoed, so we’ll end with a live demo or a video recording showcasing our working laser harp.

MCH2022 Curated content
Clairvoyance 🔮
13:00
90min
Design a circuit board with KiCad
cpresser

Participants will learn the complete workflow of creating a circuit board with KiCad. At the end of the workshop, you will have a designed PCB that blinks some LEDs and is ready for manufacturing. No prior experience is required, basic electronics knowledge is useful.

Hardware Hacking Area 🤖
Hardware Hacking Area 🤖
13:00
90min
Getting started with VoIP and Asterisk
Nick Bouwhuis

Want to get your hands dirty with Asterisk? Want to learn about how VoIP works? Then this is the workshop for you. In this workshop, you will learn how VoIP works and how you can quickly get started with the popular phone system Asterisk. Before you know it, you will be making and receiving calls and have a starting point for further tinkering.

MCH2022 Curated content
DNA 🧬
13:00
90min
Program a Robotic arm (Uarm Swift Pro) with Python or Scratch.
The Anykey

Like programming physical things? How about attending this workshop that will challenge you to program a Robotic Arm. You have the choice between Python or Scratch-like programming language and will we provide you with some cool challenges to complete. For the Scratch-like environment no real programming experience is needed

MCH2022 Curated content
Gear ⚙️
13:00
60min
Raketles
Family Zone Speakers

Launching water bottle rockets can be lots of fun. For your safety and ours this workshop includes an experienced teacher able to explain this to us like we're five.

Ofcourse even water bottles can create havoc coming down, so we will walk to a safe location nearby.

Family Zone 👪
Family Zone 👪
13:20
13:20
30min
Hacking UK train tickets for fun, but not for profit
Hugh Wells

We take a scenic tour through the origins of the UK train ticket, from the original BR specification in the 1970s through to modern replacements like mTickets, eTickets and ITSO.

This is just a detour though, and we'll focus on the 'orange ticket' (RSP 9399/9599) - which continues to be a stalwart of the UK rail network. Surely they can't be that secure? After all, anyone can encode a magstripe - right?

We'll take a look through the data encoded on these tickets, what interesting things you can do with them and maybe (assuming I've got it working by then) we'll be able to read and write our own!

MCH2022 Curated content
Abacus 🧮
14:00
14:00
60min
Break
Clairvoyance 🔮
14:00
60min
Building a stream-based NLP (Natural Language Processing) app to monitor vulnerabilities realtime
Area 42 Workshops, Joey Dreijer

This workshop will be held in our workshop tents located on Backbone Boulevard between Liskov field and Flower field.

We'll set up a stream-based Python app to monitor new vulnerabilities by using NLP (Natural Language Processing) in realtime. We'll be experimenting with some basic NLP using spaCy to monitor when vulnerabilities may go trending. Using Faust (stream processing) we'll monitor RSS feeds, tweets and the NVD database and extract important keywords using basic Natural Language Processing.

Area 42 Workshops
Area 42 Workshops
14:00
50min
Hacking COVID: Hackers helping the government
Brenno de Winter, Ron Roozendaal

During the COVID19-pandemic the Netherlands turned to hackers to help them make digital solutions to fight the pandemic. Why was it? What does this do to a government body like ministry? What does this mean for privacy, security and the tech choices that are made?

MCH2022 Curated content
Abacus 🧮
14:00
90min
How would a real life social media be like?
Aditi Bhatnagar

Yes, we have been using social media to connect for a long time now, but 2020 made us dependent on them more than ever. It's time we have an open dialogue. Burst our individual filter bubbles and communicate what our individual experience of social media feels like. In this session, we will come together, interact, go through a bunch of skillfully crafted activities and draw conclusions on what's the real state of our virtual lives? Which humane components are lacking? What extra aspects have been added? How is it affecting our bonding, privacy, individuality, organization, and dialogue?

MCH2022 Curated content
Family Zone 👪
14:00
50min
Trusted CDNs without gatekeepers
rysiek

I want a Web where CDNs are unnecessary.

Where different organizations, different website operators, can help each other out by hosting assets for each others' websites, thus spreading the load across many orgs in solidarity, instead of centralizing it in gatekeepers.

I believe I might slowly be getting to a point of having a decent answer to that question. No blockchain required.

MCH2022 Curated content
Battery 🔋
14:30
14:30
240min
VR waiting while meditating
Livia

Waiting while meditating is a VR experience. A yoga-rave is conducted by multiple avatars. Around the circle of the self, mirrored selves define movements-exercises. The visitor is invited to partecipate in the coreography and follow the movements of the digital bodies. How your body feels? Is it physical? Is it digital?

MCH2022 Curated content
Tardis 🛸
14:45
14:45
15min
Making our house futureproof
WinSCaP

We are getting rid of our gas connection and switching to full electric using a heatpump, installing solar panels, a green roof and more. And I am willing to answer questions about cost, my ideas and why we are doing this. Also am I already at 250 chars?

Emergent 🌍
Emergent Earth
15:00
15:00
50min
All you never wanted to know about the Banking System and why it keeps crashing Economics.
Jacky

Based on the world´s first, and as far as we know still the only accurate double entry bookkeeping based simulation of the banking system, we will talk through how fractional reserve banking really works from a network perspective, and how it has influenced both economic activity and economic theory in many unappreciated ways.

If you want to be able to predict what the central banks will do next, and how to make sensible financial decisions despite this, this is the talk to you. Inflation is back, and it´s still the same. We´ll also talk about ways to contribute to the development of economic models and simulations that are based on real economies, and not on a 30 year practice of fitting a very short mathematical ruler, to a very long curve.

MCH2022 Curated content
Clairvoyance 🔮
15:00
50min
Modernizing the Tor Ecosystem for the Future
Alexander Færøy

In this presentation, we will be updating the audience on the ongoing modernization efforts of the software developed inside The Tor Project -- the organization behind the most widely deployed anonymity network. We will look at upcoming features and changes to the core technology that drives the Tor network and why a Browser may no longer be the only product we have to provide for the user-base that is so crucial in need of Tor's anonymity properties for safe internet access.

MCH2022 Curated content
Abacus 🧮
15:00
50min
My journey to find vulnerabilities in macOS
Turmio / Mikko Kenttälä

My journey to find vulnerabilities in macOS. During 2020 and 2021 I found two major vulnerabilities from macOS. In this presentation I walk you through the whole exploit chain to compromise users' sensitive data with one click. I will also explain my methodology to find logic bugs.

MCH2022 Curated content
Battery 🔋
15:00
120min
XR Regenerative culture Workshop
Ismani Nieuweboer

We are not machines. We need to look after ourselves and each other in order to better look after each other and achieve what we want to achieve. Also, keeping the population subdued through stress, loneliness, sickness and anxiety is a feature of late-stage capitalism.

Emergent 🌍
Emergent Earth
15:05
15:05
300min
Soft Sculpture Street Performance - Drag Queen
Jurjen Galema

With his alter ego Lola Lasagna, Galema also plays an important role in that nightlife. His transformation as a drag queen - the first fictional character that he really brought to life - is for him an essential part of telling a story. Keep your eyes open for Lola!

MCH2022 Curated content
Tardis 🛸
15:30
15:30
120min
Hardware Hacking for absolute beginner + CTF
Jilles Groenendijk, Jurre Groenendijk

This Hardware Hacking lecture will teach you how hardware works, gives you insights in the challenges creators face and will train you to hack your own hardware with just a small budget. We finish the lecture with a CTF. Bring a laptop to join the virtual hardware challenges.

Hardware Hacking Area 🤖
Hardware Hacking Area 🤖
16:00
16:00
60min
Break
Abacus 🧮
16:00
45min
DIY menstrualcup
colin

At the Workshop we will be modelling Menstrual Cup moulds with [Openscad] (https://openscad.org/).
Our plan is to be the first to use resin 3d printer's to make menstrual cup moulds and build an injection moulding machine, to create a decentralised network of medium scale menstrual cup makers.

MCH2022 Curated content
DNA 🧬
16:00
600min
Fire Dragon
Thijs Mikx

Come see the Fire Dragon of Thijs Mikx. Thijs makes Power Art with (your) old tires. In which you are free to see what you see and what you can put into your power, every time.

The performance will be on Flowers field, the left side of the food area.

Thijs works with welfare waste. Based on his vision that waste products have a form of their own, he immediately sees what else can be made from them. He is currently working with car tyres and prefers to work with your own tyres.

MCH2022 Curated content
Tardis 🛸
16:00
60min
Jam session: Music Created by Hackers
Chris van 't Hof, Party Area

Each day 16.00-17.00 anyone who can play an instrument is welcome on the Music stage to join our jam session. Bring you guitar, synthesizer, bagpipe, voice or anything you are capable of playing. Drums and amplifiers are already there. The best songs created by hackers, we will perform again on the 25 July at 22.00.

Music Stage 🎤
Music Stage 🎤
16:00
90min
Make a minigame or fractal with Scratch (also available when back home)
confiks

Scratch is a awesome language and tool to get started with programming in a playful and creative way. This workshop is intended for complete beginners as well as those who already have some experience with Scratch.

Not able to attend the workshop? Follow the steps on the field or at home: https://scratch.cmptr.nl


Scratch is een geweldige taal en een programma om aan de slag te gaan met programmeren door een beetje creatief te klooien. Deze workshop is bedoeld voor zowel beginners als mensen die al wat ervaring met Scratch hebben.

Kan je er niet bij zijn? Je kan de stappen ook op het veld of wanneer je terug thuis bent volgen: https://scratch.cmptr.nl

MCH2022 Curated content
Gear ⚙️
16:00
90min
Making sense of social media, freedom of speech, and fascists
Christopher Guess, James Tomasino, rysiek

Do we want social media platforms that provide neutral platform for pluralistic debate, or do we want social media platforms that protect their users from abuse and de-platform abusers? Can we have both? Is moderation censorship? Is Signal social media?

MCH2022 Curated content
Envelope ✉️
16:00
50min
UBports: Imagine a phone that does everything you expect and nothing you don't.
Jeroen Baten

This talk explains what the UBports Foundation does: managing the Ubuntu Touch OS for mobile devices. The challenges, the why, what and how.

The world needs another phone OS. With more focus on privacy.
And the Ubuntu Touch OS tries to be the best in the field of open source OS's for mobile devices.
In this talk we tell you why.
We tell you about our challenges and how we try to solve them.
This means we tell you the "what"
What is VoLTE and why do we need it in an open source phone OS?
And we tell you the "how"
How are we working on VoLTE support in Ubuntu Touch?
How is knowledge management organized?
How do we develop software?
How are devices supported?

MCH2022 Curated content
Battery 🔋
16:30
17:00
17:00
60min
Break
Battery 🔋
17:00
50min
Hacking the pandemic's most popular software: Zoom
Thijs Alkemade, Daan Keuper

Last year we won Pwn2Own by demonstrating remote code execution, using a chain of three vulnerabilities, on the then latest version of the Zoom client. In this talk we would like to share all details of the vulnerabilities we found and how we combined them into a fully working exploit.

MCH2022 Curated content
Abacus 🧮
18:00
18:00
60min
Break
Clairvoyance 🔮
18:00
60min
Breaky breaky
Party Area

Realistic dramatisation of what is needed to load in an act on a stage.
Our local area techs will be joined by the guest acts in building up the equipment needed to perform during the laser and fire shows.

.

Music Stage 🎤
Music Stage 🎤
18:00
50min
Building modern and robust Web-Applications in 2021, without writing any JavaScript
Franz Bettag

Building Web-Applications is hard. Making them scale is even harder. And nobody said anything about robust yet.

Looking back over the past 25 years of Web-Development, not much has changed, except for tooling and languages. The approaches we use, also have not changed much. We still write lots of JavaScript, put special glue in between layers of languages, it's bleak.

MCH2022 Curated content
Battery 🔋
18:00
50min
Scientist Rebellion
Elwin Oost

I present background, rationale and future plans of Scientist Rebellion, a growing international group of currently over a thousand scientists venturing into civil disobedience since writing more papers about the climate emergency does not yield the needed political sense of urgency and actions.

MCH2022 Curated content
Abacus 🧮
18:00
120min
Surface Mount Electronics Assembly for Terrified Beginners
Kliment

In this workshop, we will learn how to assemble tiny parts on circuit boards by building an electronic touch-activated purring kitten. Anyone can do it. Yes, even you who never touched anything electronic before. Takes 120mins, 20€/kit, avoid caffeine immediately before. Max 10 participants per session, sign up on PAPER at the Hardware Hacking Area.

MCH2022 Curated content
Hardware Hacking Area 🤖
19:00
19:00
60min
Break
Abacus 🧮
19:00
50min
An Ontology Of Electronic Waste
Maurits Fennis

This talk will investigate how the concept of private property has fundamentally altered our behavior towards the environment. We will investigate how an alternative ontology of electronic waste is needed and argue why dumpster diving, hacking and reverse engineering abandoned electronics is more relevant than ever to tackle this problem.

MCH2022 Curated content
Clairvoyance 🔮
19:00
50min
Finding 0days in Enterprise Web Applications
Shubham Shah

Enterprise web applications have been deployed rapidly to the internet over the last ten years. Often, these applications remain secure, purely due to how difficult it is getting a copy of the source code. Unsurprisingly, some of the most popular enterprise web applications contain critical pre-authentication vulnerabilities. This presentation discusses how to get your hands on enterprise web applications and how to audit them for vulnerabilities, demonstrated through the disclosure of multiple 0days in popular enterprise web applications.

MCH2022 Curated content
Battery 🔋
19:00
180min
TLA+ in Action
Markus Kuppe

TLA+, the temporal logic of actions, is a high-level specification language to design, document, and verify reactive systems. It has been around for two decades and is used in academia and by hardware-, and software-people at various companies. Its application spans the design of complex cloud systems, concurrent and distributed algorithms, processor hardware vulnerabilities (spectre/meltdown), ...
TLA+ has been described as a lightweight formal method, debuggable design, and the missing link between code and design documents.

MCH2022 Curated content
Gear ⚙️
19:30
19:30
120min
Electronic Music clinic by professionals
Party Area

Electronic Music clinic by professionals
Every evening we have a specialty clinic with professionals provided by DJ Spock
Tonights clinic will be hosted by:
Bobo PK and ?
Demo situated on a realisticly recreated festival stage.

.

Music Stage 🎤
Music Stage 🎤
20:00
20:00
60min
Break
Battery 🔋
20:00
50min
Automatically Suspicious - Predictive policing in the Netherlands
Jos Visser LLM Msc

Predictive policing is hip and happening. In the last few years we have seen a number of experiments with predictive policing in The Netherlands. How does that technology work? What were the outcomes of the experiments? And what is the legal status of a suspicion generated by a computer?

MCH2022 Curated content
Abacus 🧮
20:00
50min
Hacking with Microbes
Rick van Rein

Microbes are everywhere. They are part of nature, both around us and inside of us. When you provide their desired niche, you can make them do something for you, in a mutually beneficial arrangement. This talk will take you into their realm, and show a few practical examples and hacking opportunities.

MCH2022 Curated content
Clairvoyance 🔮
20:30
20:30
120min
Today is July 24th 2072 and life is fantastic
Claudia

Let's gather at the Harbour Bar and talk about what future we would like to have because we can only build the futures we can imagine Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar ine.
🌎 🌎 🌎 🌎 🌎🌎🌎 🌎 🌎 🌎 🌎🌎 🌎 🌎 🌎 🌎 🌎🌎 Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar Harbour bar

Emergent 🌍
Emergent Earth
21:00
21:00
60min
Break
Clairvoyance 🔮
21:00
50min
IRMA's Idemix core: Understanding the crypto behind selective, unlinkable attribute disclosure
Maja Reissner, Sietse Ringers

IRMA is a system in which you are in control of sharing specific personal properties (aka attributes) such as your age, address and gender which are stored in the IRMA app on your phone. Technically, IRMA is a set of free and open source software projects implementing the Idemix attribute-based credential scheme. Although the Idemix credential system has been around for a while it is still relevant today. In this talk, we walk you through the crypto behind Idemix, explain how it works, why it is safe and give you the means to understand Gabi, the Go implementation of Idemix that is used in IRMA.

MCH2022 Curated content
Abacus 🧮
21:00
150min
public showing of the 4 part series "ze weten alles van je"
jos weyers, helma de boer

Public viewing of the 4 part Videoland series "ze weten alles van je"
This movie is about the disappearance of Arjen Kamphuis. Arjen was part of orga of several early dutch hackercamps and regularly spoke at such events. It's safe to say he is "one of us"

MCH2022 Curated content
Battery 🔋
21:40
21:40
30min
World in Vectors - Cross-platform Map Rendering using Rust
Max Ammann

Digital maps are ubiquitous tools in our everyday life. In the early 90s, the idea of browsing the world digitally and visiting any place was groundbreaking. The first solution to this problem is known as "TerraVision", which was breathtaking at that time. Today, the idea of exploring your surroundings using digital maps has become pretty normal.

But how do these maps work? In this talk, I want to provide an overview of the foundations of digital mapping solutions. Differences between maps which use vector data and rasterized satellite imaginary will be outlined. Furthermore, a new and open-source map renderer called maplibre-rs will be presented, which is created using Rust and modern web technologies like WebWorkers and WebAssembly. Lastly, I want to show differences between commercial solutions and free and open-source ones.

A lot of mobile and web applications depend on customizing and displaying maps. There are not many cross-platform solutions available. Some only work in the web. Some only work on mobile devices.
Furthermore, there are only a few truly free and open-source mapping stacks available.
I want to explain how maplibre-rs can solve current challenges by leveraging a modern rendering stack.

MCH2022 Curated content
Clairvoyance 🔮
22:00
22:00
50min
Democracy: Eventually Digitally Transparent?
Sicco van Sas

[Watch the video or slides of this talk].

Governments should be radically more transparent. While calls for more open data and initiatives like the Open Government Partnership have existed for more than a decade, there is still much to be desired. Where do we stand? And, fun to imagine, where could and should we go?

MCH2022 Curated content
Abacus 🧮
23:00
23:00
50min
Fault Injection on a modern multicore System on Chip
Sergei Volokitin, Ronan Loftus

Hardware attacks on security relevant components, such as fault injection, have been known for decades and have been shown to be successful on a wide range of devices ranging from general purpose microcontrollers to dedicated security engines. In this work we give an overview of different methods used for fault injection and the effectiveness of these methods. We discuss electromagnetic fault injection in more detail. Most of the published research focuses on attacking low performance secure devices. However, we present the results of electromagnetic fault injection on a modern multicore system on chip running at gigahertz speed and discuss its effectiveness.

MCH2022 Curated content
Abacus 🧮
23:00
50min
Gigatron - creating a hobby kit
gigawalt

The Gigatron is a microcomputer without a microprocessor. It was made into a DIY electronics kit and sold over 1000 pieces from 2018 to 2020. It is now open source. In this talk, I will not go into the working of the kit, but explain what you need to think about when creating a kit and keeping it manageable. Think of what to design, sourcing components, testing, preventing too many support calls and more.

MCH2022 Curated content
Clairvoyance 🔮
00:30
00:30
90min
Silent contemplation in A-major
Party Area

Let the nights peacefullnes flow over you while listening to some tunes provided by anyone who feels like it.
We'll be using headsets as to not bother our neighbours with our audiological zen moment
Distribution of these will be handled through the tent on the field, that's also the place to return them.
Demo situated on a realisticly recreated festival stage.

Music Stage 🎤
Music Stage 🎤
09:00
09:00
420min
DIY on the music stage
Party Area

DIY
Can you juggle three routers, while fixing circuitboards? Come show us!!
Have othe mad skillzz? Want to perfom for a crowqd (smal, big or random)?
The floor is yours, come see Team PartyArea if you want to use our stage to inform the masses of your skillset
whether it be speed Disk Jockeying, upside-down keytar slinging, riff-raff building, G-string quartetting, card tricks or sheep farming
you can come up on stage and grab your 15 minutes of fame. Dazzle them with your Awesomeness!!

Music Stage 🎤
Music Stage 🎤
10:00
10:00
50min
Live streaming 360° video with your own infrastructure
Sven Neuhaus

Panoramic 360° video offers more immersion, but has unique challenges. There are plug and play solutions, however they use centralized services such as Facebook and YouTube.
In this talk (live streamed in 360° video) i will explain how to setup your own 360° live stream using your own streaming servers and viewing the 360° stream on desktops, mobile devices and VR headsets in the browser.

MCH2022 Curated content
Battery 🔋
10:00
50min
Meta-Press.es : Decentralized search engine for press reviews
Siltaar

Meta-Press.es is a WebExtention to help you exploring the online press, with no middlemen between the newspapers and your web browser. It allows you to discover millions of results within seconds and lists the last ones of each sources. Searches can be scheduled and results can be selected and exported.

MCH2022 Curated content
Clairvoyance 🔮
10:00
180min
TF Works! - Learn Terraform (and a bit of AWS)
Area 42 Workshops

~25 bite-sized, hands-on exercises to learn Terraform on AWS. You don’t need to know anything about AWS, although it will definitely help to finish all exercises. You can use your own laptop and AWS account. If you only have a laptop, I have an online sandbox you can work with (limited availability).
~25 bite-size, hands-on opdrachten om Terraform met AWS te leren. Je hoeft geen kennis of ervaring te hebben met AWS, al zal dat wel helpen bij het afronden van alle opdrachten. Je kunt je eigen laptop en AWS account gebruiken. Als je alleen een laptop mee hebt, kun je gebruik maken van een online sandbox die ik beschikbaar stel (gelimiteerde beschikbaarheid).
De workshop is in het Engels of Nederlands of beide, afhankelijk van het publiek.

Area 42 Workshops
Area 42 Workshops
11:00
11:00
50min
Audio networks and their security implications
pcwizz

We will take a cursory look at the protocols that underpin audio over IP from studios to stages and on to broadcast. Focusing on AES67 the you will gain a basic understanding of what it is, how it works and how it is inherently vulnerable to attack. At a high level this talk should be accessible and entertaining to all, although to grasp the more nuanced details a rudimentary knowledge of IP networking and audio digitisation will be helpful.

MCH2022 Curated content
Clairvoyance 🔮
11:00
90min
Candle, the privacy friendly smart home
Tijmen Schep

Candle is an open source smart home system that asks the question: do we really have to choose between privacy and ease of use? This collaborative research project created beautiful and privacy focussed alternatives for common smart home products, such as a thermostat, smart lock, and all kind of sensors. All data stays in your own home, and it even offers 100% local voice control.

In this beginner friendly workshop - no coding or soldering required - you can create your own electronic devices.

Also, join us if:
- If you've already created Candle, or want to learn more about the project.
- If you work with Webthings, MySensors, or other open source software that Candle builds on.
- If you're interested in value sensitive design / privacy design.

MCH2022 Curated content
Gear ⚙️
11:00
90min
Digital Civil Disobedience Workshop
Marleen, cas

This workshop is the hands-on version of the talk we will give on Saturday. We will shorty look at the research we are doing at Greenpeace on digital disobedience actions. Also we will introduce the 4 different action tactics we work with at Greenpeace, Direct Action, Mass Protest, Direct Communication and Photo Opportunity and use these as a basis to come up with digital actions.

The workshop and working in your group consists of two parts:
Part1: Brainstorm. Try to translate your action tactic to the digital domain.
Part2: pick the best action you designed and check if it is actually doable/feasible.
Final: present it to the whole group

We have identified two potential targets that Greenpeace is working on.... Who will that be? ;)

MCH2022 Curated content
DNA 🧬
11:00
50min
How to sneak past the Blue Team of your nightmares
Wout Debaenst

If the perfect Blue Team exists, does that mean the Red Team doesn’t stand a chance against it or is there still a way to sneak their phish in the mailbox of their target? Well in this talk we investigate how a Red Team could sneak past even the best Blue Team imaginable.
We analyse how a perfect Blue Team would detect malicious domains targeting their organization, how they would correlate these to other threat infrastructure to burn the whole campaign and how they would block a successful initial foothold in case they did not detect the phish campaign before its launch.
By assuming the perfect adversary, we discuss techniques and important OPSEC measures Red Teams need to use to get a successful and undetected initial foothold in their targeted organization.
Through practical demos and real-life examples, attendees will learn invaluable techniques and OPSEC measures to improve their Blue or Red Team tradecraft.

MCH2022 Curated content
Battery 🔋
11:00
50min
Intro to OSINT and Geolocation
Aiganysh

The talk is on Introduction to opens source investigations. Aiganysh will explain what "open source" is, what kind of research you can do with it, and the challenges it entails from Bellingcat's experience. The presentation will be full of case studies and exercises such as geolocating ISIS supporters from Twitter and identifying neo-nazi criminals in the US.

MCH2022 Curated content
Abacus 🧮
11:00
90min
OpenStreetMap for Beginners
Pieter Vander Vennet

Are you interested in maps? Are you searching for a FLOSS mapping navigation? Do you need geodata? Do you need a map on your site? Do you want to help creating maps from your local environment or from vulnerable places? Then, you have come to the right talk! This talks gives a broad overview of OpenStreetMap, the community and how to get started with it.

MCH2022 Curated content
Envelope ✉️
12:00
12:00
60min
Break
Abacus 🧮
12:00
90min
Balloon folding for kids
Frank Breedijk

Give kids some balloons, pumps and instructions (on cards) an happy chaos is ensured.

Did you ever want to make you own balloon animal?

This is your chance. I will bring the balloons, pumps and instruction cards you do the rest.

90 minutes of fun and some chaos?

Are you an adult and want an actual workshop? Come to balloon folding for adults.

Are you an adult and know how to do this, I could sure use some help to survive the chaos ;)

Family Zone 👪
Family Zone 👪
12:00
50min
Tech didn’t cause misinformation, and it won’t solve it (by itself)
Christopher Guess

There’s no quick fix for the misinformation, disinformation, and lies were seeing in the world these days, and its natural for hackers want to work on the problems with the skills at hand. I’m going to talk about why, for hackers, that’s not necessarily a good move to do solo. I’ll go over mistakes I’ve seen way too many technologists and academics make when approaching the subject, where misinformation really comes from, and where the audience can harness what they’re good at.

MCH2022 Curated content
Battery 🔋
12:00
50min
drand: publicly verifiable randomness explained
Yolan Romailler

drand is an opensource project allowing anybody to run a “randomness beacon”. Its goal? Providing a trustable, verifiable source of public randomness that would enable full transparency in online lotteries, leader election or blockchain smart contracts.
This talk is about what distributed randomness is, what it means for developers, and users, and why you’d want to use it. I will also present to you the current ecosystem around drand, and what it enables you to do differently and why it is desirable in a distributed, decentralized web to have public, verifiable randomness.

Don’t worry though: we will first go through an easy overview of how it works without diving too much into the gory cryptographic details. In addition, I’ll demo how drand works in practice, and explain you how you can easily use it in your applications since drand nodes can be queried by anybody.

Disclaimer: this is NOT a blockchain talk, but rather a distributed system one.

MCH2022 Curated content
Clairvoyance 🔮
12:30
12:30
30min
HSNL: Funding 101: NLnet and NGI
Auke van Slooten

A short introduction in funding your projects with EU NGI (Next Generation Internet) funds, presented by Michiel Leenaars from NLnet. NLnet is a foundation with long roots in the dutch internet. One of the founding internet access providors, today they manage a number of different funds. This talk will explain how to successfully apply for EU funding for your amazing next generation internet project.

HSNL
HSNL Village (Muze / NLnet tent)
13:00
13:00
60min
Break
Battery 🔋
13:00
50min
First Privacy, Now Safety: An Anthology of Tales from the Front Lines of Cyber Physical Security
Daniel Kapellmann Zafra

As of today, most discussions on cyber security focus on privacy and the implications of incidents involving data. However, those of us in cyber physical security often see things differently as we study actors attempting to use computers to impact the physical world (e.g. critical infrastructure and industrial controls). Geopolitical conflicts and accessible offensive security tools make defending against these threats increasingly complex. The anthology I bring for you illustrates the evolution of cyber physical threats through several stories with topics that span from non-fiction espionage and crime thrillers to politically-motivated intrusions and master tinkerers’ ill-fated creations. By focusing on the different players involved and their motivations, I intend not to hype up the scenario, but instead to accurately describe what we observe daily in the cyber physical threat intelligence community.

MCH2022 Curated content
Abacus 🧮
13:00
120min
Geolocation. Method and Practice
Aiganysh

Workshop on how to geolocate photos and videos from Bellingcat's experience. We will explore why geolocation can be crucial for investigations, verification, justice and accountability. In this workshop you will learn simple steps such as reverse image searching, paying attention to identifiable details, finding reference materials to determine the needed coordinates. The participants will be able to practice the learnt methods right away with exercises provided during the workshop. If you want to do the exercises, having a laptop or sharing one is required.

MCH2022 Curated content
Envelope ✉️
13:00
50min
HSNL: IPFS - Will Scott -Protocol Labs
Auke van Slooten

This talk is part of the Decentralized Web / Decentralized Identity Talks at the HSNL Village (HackerSpaces NetherLands), in the Muze / NLnet tent. Decentralization comes in many forms, not necessarily using blockchain, but also using Peer 2 Peer technology and self hosted platforms.

HSNL
HSNL Village (Muze / NLnet tent)
13:00
60min
Scripted CAD in the web browser for 3D Printer users
Glen

This workshop introduces how use OpenSCAD, a scripted CAD program language, web IDE and compiler. The workshop with focus mainly of generating objects that can be 3D printed. This is aimed at people with little to no programming experience and will introduce programing concepts like: variables, loops, functions and debugging.

Hardware Hacking Area 🤖
Hardware Hacking Area 🤖
13:00
50min
Threat modeling mechanical locking systems, by analyzing puzzles?
Jan-Willem

Mechanical locks are everywhere and come in all shapes and flavors. But choosing the right lock can be rather difficult. For example, what is better? A lock that is hard to pick, or a lock with hard to duplicate keys. This talk will not give you the answers, but it will help you understand the trade-offs. Furthermore, we will have fun threat modeling our locks.

MCH2022 Curated content
Clairvoyance 🔮
13:30
13:30
180min
Coderdojo Robotics @ MCH2022
Joram Agten, Jan Tiri

This workshop is for girls and boys age 7-18.
Programming is not difficult! Here we learn from each other and the coaches how to program by doing it ourselves.
We bring a range of robotics: Makeblock Mbot, Mbot2, Ultimate, Grove, Ozobot, Makey Makey, Microbit with Maqueen.
There is only one rule: Above all: be cool!

MCH2022 Curated content
Gear ⚙️
14:00
14:00
60min
Break
Clairvoyance 🔮
14:00
60min
Balloon folding for adults
Frank Breedijk

You know those people that take a balloon, inflate it and after some twisting, turning, and some squicky noises they end up with a balloon creature that makes kids really happy?

You could be one!

Because, belloon folding isn't that hard, actually.

I have the balloons, instructions and will actually try to teach during this workshop as well.

Are you a kid and want to just have fun, come to balloon folding for kids.

Are you an adult and know how to do this, I could sure use some help to survive the chaos ;)

Family Zone 👪
Family Zone 👪
14:00
90min
HSNL: Aries Framework JavaScript: A Swiss-Army Knife for Modern Self-Sovereign Identity Development - Karim Stekelenburg - Animo
Auke van Slooten

This talk is part of the Decentralized Web / Decentralized Identity Talks at the HSNL Village (HackerSpaces NetherLands), in the Muze / NLnet tent. Decentralization comes in many forms, not necessarily using blockchain, but also using Peer 2 Peer technology and self hosted platforms.

HSNL
HSNL Village (Muze / NLnet tent)
14:00
50min
PolyCoin - A game played across MCH - How it works and what is inside it
Michael Turner

PolyCoin - A distributed game across MCH. The history at EMF Camp 2018 and 2022, and how it was made and works. See what is on the inside of the PolyCoin crypto miner devices, and why they were designed the way they were and what had to be compromised along the way, what can be improved, and plans for future versions.

MCH2022 Curated content
Battery 🔋
14:00
90min
The War in Ukraine: Cyberfront
Kirils Solovjovs

When the pandemic was declared over, Europe went into a war. This was the first major conflict in Europe where an important part of the war was waged online.
Anonymous, disBalancer, IT ARMY, and the western governments.

These are stories from the cyber front lines.

MCH2022 Curated content
Abacus 🧮
14:00
180min
ffuf the web - automatable web attack techniques
joohoi

Transforming the boring parts of web application testing with automation, scalability and a lot of requests: How to automate flagging the potentially vulnerable components and web application parts? Making the tooling work for you and not vice versa? Want to figure out how to build a simple DAST testing case for your application or interested to see how to go from few lines of shellscript or Python to a fully fledged bug bounty hunting automation? Let's make it happen!

MCH2022 Curated content
DNA 🧬
14:30
14:30
30min
The Potato Algorithm
Armand Sol

“An analog algorithm powered by biobased renewable energy”. Analog machine learning and edge computing seem a solution for a more sustainable internet. Join the research of analog computer technology and edge computing for machine learning solutions with massive impact. Get rid of large volumes of data-to-cloud transportation and storage. Lower transportation and storage cost radically and enhance privacy while doing that. Explore the potential use cases in agriculture and energy monitoring with us.

Emergent 🌍
Emergent Earth
15:00
15:00
90min
Design a circuit board with KiCad
cpresser

Participants will learn the complete workflow of creating a circuit board with KiCad. At the end of the workshop, you will have a designed PCB that blinks some LEDs and is ready for manufacturing. No prior experience is required, basic electronics knowledge is useful.

Hardware Hacking Area 🤖
Hardware Hacking Area 🤖
15:00
120min
Hope : It is too late to be pessimistic (about climate change)
Smári McCarthy

We know that we are in trouble as a human society, so what are we going to do about it?

Showcase projects that do good things
What can you do?
Tension between system-level problems and the massive powers that be and the scope of individual impact. How do you leverage your privilege?
imagining yourself in 2050 narratives.
Emergent 🌍
Emergent Earth
15:00
50min
Plotting the Pandemic... or Any Other Catastrophe-Movie
Klaudia

Only three years ago you wouldn't have had a chance to get this so-called reality past any decent editor. Now, plotting a book or movie has become increasingly hard and the next years in publishing will be interesting, since our standards in what is scary or believable or how dumb can one be to do XY as a book character, to get into whatever problems, have tremendously changed.

MCH2022 Curated content
Clairvoyance 🔮
15:00
50min
TASBot OoT ACE: How to get the Triforce on an N64 via controller input
dwangoAC

TASBot has appeared at multiple charity events raising more than $1.3M to date by hacking classic video game consoles through controller ports. In this talk, dwangoAC will show how TASBot, with help from a human speedrunner, can use a Stale Reference Manipulation exploit in the N64 game Legend of Zelda: Ocarina of Time to achieve persistent Arbitrary Code Execution to obtain the Triforce and many other surprising outcomes that have to be seen to be believed.

MCH2022 Curated content
Battery 🔋
15:30
15:30
90min
HSNL: Data custodian, Identity and governement - Conduction
Auke van Slooten

This talk is part of the Decentralized Web / Decentralized Identity Talks at the HSNL Village (HackerSpaces NetherLands), in the Muze / NLnet tent. Decentralization comes in many forms, not necessarily using blockchain, but also using Peer 2 Peer technology and self hosted platforms.

HSNL
HSNL Village (Muze / NLnet tent)
15:30
90min
Internet measurements with RIPE NCC tools
Emile Aben, Jelena Cosic, Vesna Manojlovic

Observing and measuring Internet traffic can tell us a lot about the health and resiliency of Internet locally, regionally and globally. There is a constant increase in global political and social instability which often leads to Internet shutdowns or disruptions. We at the NCC are looking into improving our internet measurement tools so that they can be used to detect, analyze and document these events.

MCH2022 Curated content
Envelope ✉️
16:00
16:00
60min
Break
Abacus 🧮
16:00
60min
Jam session: Music Created by Hackers
Chris van 't Hof, Party Area

Each day 16.00-17.00 anyone who can play an instrument is welcome on the Music stage to join our jam session. Bring you guitar, synthesizer, bagpipe, voice or anything you are capable of playing. Drums and amplifiers are already there. The best songs created by hackers, we will perform again on the 25 July at 22.00.

Music Stage 🎤
Music Stage 🎤
16:00
90min
Microbit workshop
Family Zone Speakers

Kids will learn to do basic coding en electronics with Microbit pocket-sized computers .

Family Zone 👪
Family Zone 👪
16:00
50min
Project TEMPA - Demystifying Tesla's Bluetooth Passive Entry System
Martin Herfurt

The security of Tesla's cars has been a hot topic in recent months. In addition to being one of the safest cars on the road, it is also well-protected from hacks and attacks. But how does Tesla make sure their vehicles are safe and secure?

This case study sheds light on the inner workings of Tesla's Passive Entry System and core VCSEC protocol, and reveals possible attack vectors.

MCH2022 Curated content
Battery 🔋
17:00
17:00
60min
Break
Battery 🔋
17:00
50min
Cyber crises and what you can do to face the challenge
Oscar Koeroo

Your organization suffers from a serious system compromise from a cyber-crime ring, state-actor or both. The cyber inferno is raging through your organisation. In this talk I’d like to walk you through a situation which escalated quickly. The talk is intended to inspire people to take preventative measures, keep their heads as cool as possible, and keep a grip on the situation.

MCH2022 Curated content
Abacus 🧮
18:00
18:00
60min
Break
Clairvoyance 🔮
18:00
50min
A CISO approach to pentesting; why so many reports are never used
Fleur van Leusden

Pentesting can provide vital information to organisations about their security. However, many reports end up never being used or not being used to their full potential. That is partly due to the pentesters and their writing skills. But in large part is also to be attributed to CISO's lack of guidance and involvement.

I am not a spokesperson for all CISOs, but I do have quite a bit of experience in the pentesting field as a CISO. As such; I would like to share my thoughts about how a CISO can lead the pentesting process as effectively as possible, as well as what I as a CISO like to see in my pentesting reports.

I will also highlight why some reports don't get used and why I think we struggle with this as much as we sometimes do.

I think this information is usefull for pentesters and CISO's alike, because it shows both sides how the other one works and thinks.

MCH2022 Curated content
Abacus 🧮
18:00
60min
Breaky breaky
Party Area

Realistic dramatisation of what is needed to load in an act on a stage.
Our local area techs will be joined by the guest acts in building up the equipment needed to perform during the laser and fire shows.

.

Music Stage 🎤
Music Stage 🎤
18:00
90min
Decoding the patterns of bad communication
Daisy Hilbrands

Let us have a discussion about what bad communication is and how to avoid it in the future - especially when you interact with others.
There are five common patterns we fall into, when we are communicating badly. This workshop will give you the tools to recognise these anti-patterns in yourself and others and furthermore the knowledge on how to change your communication for the better in the future. This will support you in getting your message understood.

MCH2022 Curated content
Envelope ✉️
18:00
120min
From Zero to Root in 120 Minutes - Introduction to Wordpress Hacking
leyrer

You know the impressive visuals from TV series and movies. The hacker opens a black console window, types fast on the keyboard and suddenly has root on the target system, saving the day. But how does this look like in reality? Let me show you how this might be possible.

MCH2022 Curated content
Gear ⚙️
18:00
50min
Nuggets of Shannon Information Theory
Christian Schaffner

In his 1948 scientific article entitled "A mathematical theory of communication", Claude E. Shannon introduced the word “bit”. The article laid down the foundations for the field of information theory which in turn opened up the way to digital information processing.

In this overview talk, I will present in an accessible way three nuggets from Shannon information theory:
1. Shannon entropy, a mathematical quantification of uncertainty of a probability distribution.
2. Information Compression: Shannon entropy provides a fundamental lower bound on how much information from a source can be compressed so that it can later be recovered.
3. Error correction: when digital information is transmitted over a noisy channel, the methods of error-correction provide ways to protect this information from noise. Yet again, Shannon entropy provides the fundamental quantity of how much information can be transmitted over a noisy channel.

While the content of this talk is of mathematical nature, I will try my best to make it accessible to anybody with (very) basic knowledge of probabilities and programming.

MCH2022 Curated content
Battery 🔋
18:00
120min
Surface Mount Electronics Assembly for Terrified Beginners
Kliment

In this workshop, we will learn how to assemble tiny parts on circuit boards by building an electronic touch-activated purring kitten. Anyone can do it. Yes, even you who never touched anything electronic before. Takes 120mins, 20€/kit, avoid caffeine immediately before. Max 10 participants per session, sign up on PAPER at the Hardware Hacking Area.

MCH2022 Curated content
Hardware Hacking Area 🤖
18:00
90min
Surviving systemd
gait

At its core, systemd is a "system and service manager -
an init system used to bootstrap user space and manage user processes.
It also provides replacements for various daemons and utilities,
including device management, login management, network connection management,
and event logging"
for Linux operating systems. (Wikipedia)

Or, to take it more wildly:
"systemd takes all the init features formerly implemented
with sticky tape, shell script hacks, and the sweat of administrators
and formalizes them in a unified field theory of how services
should be configured, accessed, and managed."

Let me help you to survive.

MCH2022 Curated content
DNA 🧬
19:00
19:00
50min
Ethics does not belong on the wall! Ethical framework for the use of location data
Frank Verschoor, Emily Daemen

The use of data is accelerating, not only owing to increasing technical possibilities like AI and earth observation, but also as a result of crises such as COVID-19 and climate change which accelerate the deployment of data and technology. This is happening on a small and local scale, as well as on a large and global one. Precisely because these data are potentially personal, and its use is becoming commonplace, it is urgent to internalize shared principles for the responsible use of data to achieve greater common value, better data and better products. These are preferably intrinsic principles that guarantee the safety and privacy of people, our social values and human dignity. In this talk we discuss an ethical framework for the use of location data. Together with the crowd we will investigate several dilemma's in which location data play an important role. How far can you go? Which values are more important? These are the kind of questions we will present and discuss.

MCH2022 Curated content
Clairvoyance 🔮
19:00
60min
How I turned the badge into a drone
Area 42 Workshops

This workshop/demo will be held in our workshop tents located on Backbone Boulevard between Liskov field and Flower field.

They loaded the badge with what hardware? FPGA, sensors, esp32, and a Raspberry Pi. It should be possible to turn this thing in a drone with some additional hardware. And that's just what Hugo is trying to do right now.

In this workshop/demo he will show you either his results or how he failed.

Area 42 Workshops
Area 42 Workshops
19:00
50min
Scanning and reporting vulnerabilities for the whole IPv4 space. How the Dutch Institute for Vulnerability Disclosure scales up Coordinated Vulnerability Disclosure
Chris van 't Hof, Astrid Oosenbrug, Frank Breedijk, Lennaert Oudshoorn

The Dutch Institute for Vulnerability Disclosure scans the internet for vulnerabilities and reports these to the people who can fix them. Our researchers will go into some of our recent cases, our board members will describe how we professionalise vulnerability disclosure and why we are allowed to somewhat break laws on computer crime and privacy.

MCH2022 Curated content
Abacus 🧮
19:00
50min
macOS local security: escaping the sandbox and bypassing TCC
Thijs Alkemade, Daan Keuper

"SomeApp would like to access files in your Documents folder." Anyone who has used macOS recently will be familiar with these prompts. But how do they work? What happens if you deny the access? Are they an effective defense against malware?

This talk will give an up to date overview of the local security measures of macOS and describe some ways they can be defeated in practice.

MCH2022 Curated content
Battery 🔋
19:30
19:30
60min
Electronic Music clinic by professionals
Party Area

Electronic Music clinic by professionals
Every evening we have a specialty clinic with professionals provided by DJ Spock
Tonights clinic will be hosted by:
Evilscientress
Demo situated on a realisticly recreated festival stage.

.

Music Stage 🎤
Music Stage 🎤
20:00
20:00
60min
Break
Battery 🔋
20:00
120min
Hacker Jeopardy!
minicom

Hacker Jeopardy! The classic TV game, but with hacker subjects this time. May Contain a lot of trivia answers, such as Certificate Authorities incidents, government hacking groups, Windows system32 executables and possibly a lot more. Please join us!

Misc Track
Envelope ✉️
20:00
50min
OpenKAT: Looking at security with cat eyes
Oscar Koeroo, Brenno de Winter

During crises – like COVID19 – software is made under immense pressure in a volatile environment. Security should focus on anything that makes one vulnerable. OpenKAT does this with real forensic proof, with the right context and useful in real life.

MCH2022 Curated content
Abacus 🧮
20:00
50min
Rocking the Web Bloat: Modern Gopher, Gemini and the Small Internet
James Tomasino

The web is a mess, bloated with data-gathering trackers, predatory UX, massive resource loads, and it is absorbing everything it touches. The Small Internet is a counter-cultural movement to wrangle things back under control via minimalism, hands-on participation, and good old fashioned conversation. At its heart are technologies like the venerable Gopher protocol or the new Gemini protocol offering a refuge and a place to dream of a better future.

MCH2022 Curated content
Clairvoyance 🔮
20:30
20:30
90min
Badge FPGA Workshop
Reinier van der Leer

The MCH2022 badge contains an FPGA: a very powerful piece of technology, but possibly somewhat daunting to get started with. This workshop aims to get you started with FPGA development, and to teach you the potential of this new and versatile technology.

Misc Track
Gear ⚙️
20:30
90min
Real time IRL performance
Party Area

Fire and laser show featuring background music
No imitation stage would be complete without an act that makes it look legit.
Tonights performance is hosted by:
Music Created by Hackers (outcome of jamsessions)
Demo situated on a realisticly recreated festival stage.

Music Stage 🎤
Music Stage 🎤
21:00
21:00
60min
Break
Clairvoyance 🔮
21:00
50min
Censoring the internet & how to bypass it
Aseem Shrey

In recent times, internet censorship has increased throughout the world. With governments realising the potential of the internet in spreading information as well as misinformation.
To curb or rather control this, governments around the globe have taken to censoring parts of the internet by directing major ISPs to block access to those websites.
The ISPs around the globe have used different methods to block the access. Some resulting in DNS filtering to others doing SNI ( Server Name Information ) inspection.
There have been ways to bypass these restrictions, like DoH ( DNS over HTTPS ) and eSNI ( encrypted SNI ), now ECH ( Encrypted Client Hello ), supported by TLS 1.3.
To counter these, some authoritarian regimes ( like China ) have blocked eSNI traffic altogether, to be able to sniff the traffic and block the websites accordingly on their ‘Great Firewall’.
I will be talking about how these different mechanisms of blocking user traffic works, by doing a live demo of packet analysis using wireshark.
Later on in the talk, I will show a comparative study of the different ISPs around the globe and what their approaches are at blocking the internet ( if any ).
After understanding how the technologies work, I will show ways to bypass the censorship by some open source tools, DIY solutions and finally some paid/managed alternatives. What are the things that one should look for when choosing one such paid solution.
Towards the end, I will announce the open source repo for the tool used to conduct this project, where people can contribute and use it for their own research purposes.

MCH2022 Curated content
Battery 🔋
21:00
90min
OpenStreetMap for Beginners
Pieter Vander Vennet

Are you interested in maps? Are you searching for a FLOSS mapping navigation? Do you need geodata? Do you need a map on your site? Do you want to help creating maps from your local environment or from vulnerable places? Then, you have come to the right talk! This talks gives a broad overview of OpenStreetMap, the community and how to get started with it.

MCH2022 Curated content
DNA 🧬
21:00
50min
Single Sign-On: A Hacker's Perspective
Matthijs Melissen

This talk gives an introduction in how single sign-on protocols (such as SAML, OAuth 2, and Open ID Connect) work. Subsequently, I will talk about the most commonly found vulnerabilities in these protocols. Finally, I will show various ways to resolve these vulnerabilities.

MCH2022 Curated content
Abacus 🧮
22:00
22:00
50min
Around the world in 80 networks, Hacking Universities Worldwide. ( ...lessons learned at age 15. )
Rob Coleman

After finding a 0-day in Canon hardware, we went on a hacking trip around the world.

We exploited the hardware in 20 Universities worldwide
We contacted Canon.
Talks broke down.
Our site got taken down.
We learned lessons we didn't expect.

We would like to describe the pleasure we had, the problems we faced, the moral dilemma's, and the solutions we found.

Also we will include lots of screenshots and perhaps a live demo ?

MCH2022 Curated content
Battery 🔋
22:00
60min
Electronic Music clinic by professionals
Party Area

Electronic Music clinic by professionals
Every evening we have a specialty clinic with professionals provided by DJ Spock
Tonights clinic will be hosted by:
Gasman
Demo situated on a realisticly recreated festival stage.

.

Music Stage 🎤
Music Stage 🎤
22:00
30min
Knock knock, who’s there? Is your door locked? Are you sure?
Jeroen

One of the most used video entry systems is analysed for this talk. Severe security implications that range from passive, information gathering, attacks to active attacks where unauthorised access to buildings can be gained.
During the talk the technical details of the bus system will be discussed and multiple attackvectors will be demonstrated. At the end of the talk the disclosure procedure to high value targets and the manufacturer are also discussed.

MCH2022 Curated content
Clairvoyance 🔮
22:00
50min
Successfully building and programming sound field control systems
Adrian Lara Moreno

We will walk through the basics of sound field control systems and what you would need to build your own Wave Field Synthesis and Beamforming enabled system. We will unveil some of the challenges we faced at HOLOPLOT and what solutions power our tech stack.

MCH2022 Curated content
Abacus 🧮
22:40
22:40
30min
Introducing CSIRT.global: if you love the internet, we need your help
Eward Driehuis

The Dutch Institute for Vulnerability disclosure goes international. We’re building a community of enthusiasts to help stop the downward spiral of the internet, we’re calling it CSIRT.global. It’s aimed at international collaboration. Trust and communication, balanced with a sense of reality about the sensitive information we deal with, are key. Here’s how you can help, one vulnerability at a time.

MCH2022 Curated content
Clairvoyance 🔮
23:00
23:00
50min
Payment terminals as general purpose (game-)computers
Thomas Rinsma

What is inside a Verifone VX820 payment terminal and how can we run our own code (i.e. Doom) on it?

This is a story of a software guy messing around with an interesting embedded device. It includes some reverse engineering, interesting security practices, proprietary executable formats, and a game of bootloader hopscotch.

MCH2022 Curated content
Abacus 🧮
23:00
50min
illumos SmartOS, specialized Type 1 Hypervisor
drscream

Overview of SmartOS - an illumos based distribution with focus of virtualization. Must be named technologies used by SmartOS: ZFS, Crossbow, Zones, DTrace, Bhyve. The talk will show you the benefits of SmartOS; Configuration and management of SmartOS virtualization technologies; Tooling on top of SmartOS.

MCH2022 Curated content
Battery 🔋
23:20
23:20
30min
Reproducible Builds for Trustworthy Binaries
raboof

Reproducible Builds is a technique that can be used to secure the software delivery pipeline.

For open source software, they even allow independently auditing published binaries, removing a single point of trust from the distribution process. This can be used by individual projects or even complete Linux distributions.

MCH2022 Curated content
Clairvoyance 🔮
23:30
23:30
30min
Symphony of Fire
Party Area

Since the stone-age, Fire and Lightning has been feared-entertained to all mankind. Two artists from Deventer, The Netherlands - Uwe Dobberstein and Peter de Man - are using these primal forces to make music. Their crazy live shows are a spectacle of sizzling tesla coils, towering flames and thundering explosions, creating harmony and rhythm. Symphony of Fire tames nature itself.

Demo situated near Griet Titulaar Lake

Music Stage 🎤
Music Stage 🎤
00:00
00:00
120min
Silent contemplation in A-major
Party Area

Let the nights peacefullnes flow over you while listening to some tunes provided by anyone who feels like it.
We'll be using headsets as to not bother our neighbours with our audiological zen moment
Distribution of these will be handled through the tent on the field, that's also the place to return them.
Demo situated on a realisticly recreated festival stage.

Music Stage 🎤
Music Stage 🎤
10:00
10:00
50min
A Smart Light Hacking Journey
Khaled Nassar, Tom "Halcyon" Clement

Smart lights have become pervasive in many homes, but they are often designed in such a way that makes them completely reliant on the manufacturer's servers and connectivity to the Internet. However, we would much rather be fully in control of our own devices.

As a target, we took on the cheap and popular Tuya white-label smart lights, which can be commonly found under many different brand names.

In this talk, we'll take you on a trip through our 1-year journey of hacking these devices, including the details of finding and remotely exploiting a vulnerability in the firmware for devices based on the custom BK7231 SoC.

MCH2022 Curated content
Abacus 🧮
10:00
120min
Collect all the data (more than you ever need)
H. O. Klompenmaker

Are you curious, and looking for a fun project perhaps this workshop is something for you?
The capabilities of both generating and collecting data have been increasing rapidly in the last several decades. Everybody needs info / data in life.
Some examples:
In your job to find new businesses opportunity’s or just to "spy" on employees or your competitors?
Reverse engineering for a simple replay attack, you might need to know the frequency, Chip vendor .or layout
Finding your long lost friends, loves-once from long ago.
Some time's you know it must be out there somewhere but you just can't find it.
Why can't you find it and how to improve your search skills on gathering or collecting data.
Step by step I will guide you in the art off “collecting data”.
And NO is not an option is something I hope to gain.

This is NOT an debate about the ethics or politics of online reconnaissance on personal information gathering.*
Further this is not a guide/training to steal information for criminal purposes.

*If you would like to discuss this we could do this after in the Lounge

MCH2022 Curated content
Envelope ✉️
10:00
50min
How to Secure the Software Supply Chain
Feross Aboukhadijeh

Open source code makes up 90% of most codebases. How do you know if you can trust your open source dependencies? Do you know what’s really going on in your node_modules folder? It is critical to manage your dependencies effectively to reduce risk but most teams have an ad-hoc process where any developer can introduce dependencies. Software supply chain attacks have exploded over the past 12 months and they’re only accelerating in 2022. We’ll dive into examples of recent supply chain attacks targeting the JavaScript, Node.js, and npm ecosystems, as well as concrete steps you can take to protect your apps, projects, and teams from this emerging threat.

MCH2022 Curated content
Battery 🔋
10:00
40min
hack your brain
va13, anke

Food affects your body, food affects your mind. This talk describes how the performance of my brain has decreased over time and has returned by changing my diet. Basic food is not enough for your brain to deliver exceptional performance. Come with us and open your mind.

MCH2022 Curated content
Clairvoyance 🔮
11:00
11:00
50min
Introduction to MQTT, Node-RED & Tasmota
CrazyA (Ad)

A demonstration of the power of MQTT in combination with Node-RED. We'll also take a look at the "universal" Tasmota firmware for ESP8266 and ESP32-based devices. This all to hopefully make you enthusiastic to start building your own projects with these building blocks.

MCH2022 Curated content
Abacus 🧮
11:00
120min
Make fun graphs with your whatsapp chats
Richard

Using Splunk to analyze your Whatsapp chat data. Find out who was sending the most messages, who was chatting in the middle of the night, or how many chats you will recieve in the future.

In this workshop we will make fun graphs using your own whatsapp data from one chat. We will start with extracting your whatsapp data en import it into the provided Splunk server.

Family Zone 👪
DNA 🧬
11:00
50min
Sensor.Community - Global Open Environmental Data Platform
Lukas Mocek

Sensor.Community - Global platform for Open Environmental Data

We invite you to become part of Sensor.Community. The worldwide largest Air Quality sensor network run by contributors generating Open Data. Build a sensor, collect Open Data, share it in a continuous stream with the global network and join forces in local Sensor.Community groups.

MCH2022 Curated content
Clairvoyance 🔮
11:00
30min
Where did all the parts go - the 202x component availability trashfire
Kliment

Since early 2021, it has been impossible to buy most integrated circuits and various other components. I'll explain how and why this happened, why it's going to keep happening, and where the fragility of the electronics manufacturing ecosystem comes from.

MCH2022 Curated content
Battery 🔋
11:40
11:40
30min
What can AI learn from your face? The making of HowNormalAmI.eu
Tijmen Schep

HowNormalAmI.eu is an interactive documentary that showcases how algorithms judge your beauty, age, gender, weight, life expectancy and emotions by simply looking at your face. The project not only shows how face recognition technology is entering our everyday lives, but it lets you experience these judgements yourself in a safe and privacy friendly way.

This talk will zoom in on one algorithm that tries to deduce your Body Mass Index (BMI). The 'making of' will discuss the ethical questions it raised, the dubious science behind it, the dodgy data sources, and the surprising companies that are playing around with this technology.

MCH2022 Curated content
Battery 🔋
12:00
12:00
120min
Computing within Limits
Vesna Manojlovic

The LIMITS workshop concerns the role of computing in human societies affected by real-world limits*. As an interdisciplinary group of researchers, practitioners, and scholars, we seek to reshape the computing research agenda, grounded by an awareness that contemporary computing research is intertwined with ecological limits in general and climate- and climate justice-related limits in particular. LIMITS 2022 solicits submissions that move us closer towards computing systems that support diverse human and non-human lifeforms within thriving biospheres.
For example, limits of extractive logics, limits to a biosphere's ability to recover, limits to our knowledge, or limits to technological "solutions".

The LIMITS workshop concerns the role of computing in human societies affected by real-world limits*. As an interdisciplinary group of researchers, practitioners, and scholars, we seek to reshape the computing research agenda, grounded by an awareness that contemporary computing research is intertwined with ecological limits in general and climate- and climate justice-related limits in particular. LIMITS 2022 solicits submissions that move us closer towards computing systems that support diverse human and non-human lifeforms within thriving biospheres.
For example, limits of extractive logics, limits to a biosphere's ability to recover, limits to our knowledge, or limits to technological "solutions".

Emergent 🌍
Emergent Earth
12:00
50min
SSH Configuration, Intermediate Level
leyrer

So, you know how to "use" the ssh command line? You enter connection parameters like username, hostname or private key every time you need to connect? You manually log into the jump/bastion host when connecting to your target host? Then come to this session and learn how you can make your life easier and your work more efficient by using custom config files and a tiny little bit of preparation.

MCH2022 Curated content
Clairvoyance 🔮
12:20
12:20
30min
Guardians of the Dutch healthcare
NelusTheNerd

In 2017 (just before SHA2017) the Dutch healthcare sector came together to create Stichting Z-CERT, the Zorg Computer Emergency Response Team. A nonprofit to protect and advise the Dutch Healthcare sector. What started as a small startup has now grown into a scaleup with the ambitions to match.
The COVID-19 pandemic restarted the discussion about whether or not healthcare is vital infrastructure. With NIS2 the role and importance of Z-CERT will only grow from here on.
This talk is not to intended to be a corporate “Look how great we are and what kind of sexy products we have. BUY OUR STUFF.” No, we want to simply show what we do and what we learned in 5 years of being a CERT. This might help our (future) fellow CERT’s and the community.

MCH2022 Curated content
Battery 🔋
13:00
13:00
50min
Badge talk
Anne Jan Brouwer, BADGE.TEAM, Reinier van der Leer, Renze Nicolai, RobotMan2412

A high bar set by earlier creations, a pandemic, a postponed event and chip shortages made for a great challenge and a wild adventure creating the MCH2022 badge. This talk explains how we pulled off our most advanced creation yet. We will tell you about the process of converting a vague idea into a piece of electronics, including the prototyping process and the difficulties we encountered.

MCH2022 Curated content
Abacus 🧮
13:00
50min
How do GPS/Galileo really work & how the galmon.eu monitors all navigation satellites
bert hubert

The whole world depends on Global Navigation Satellite Systems like GPS, Galileo, BeiDou and GLONASS. The technology behind these systems is fascinating and far more interested than generally presented. Although GNSS is super important, up to recently no good monitoring was publicly available. The "galmon.eu" project changed this.

In this talk I cover:

  • How your phone really figures out where it is (so it can sell more expensive ads)
    • How the "satellite ephemeris" is broadcast, what it means
  • What is really in this 'assisted GPS'?
  • The extensive ground infrastructure that is active 24/7 to determine the satellite orbits so GNSS is precise enough to tell which store you are in, or which side of the road you are driving on
  • How GNSS are monitored in public by 100 Galmon.eu volunteers, running open source receivers all over the world
    • And the research we enable
  • Discussion of suitable hardware and GNSS-SDR that allows hackers to see each and every bit coming from the satellites
  • A brief part on how GNSS can be spoofed and jammed, and the odd cryptography used to help detect or prevent this

The goal of this presentation is to expose the fascinating reality behind that little circle on your maps app, but also to explain how vulnerable this system is, which is why we need to monitor it closely.

MCH2022 Curated content
Battery 🔋
13:00
120min
Surface Mount Electronics Assembly for Terrified Beginners
Kliment

In this workshop, we will learn how to assemble tiny parts on circuit boards by building an electronic touch-activated purring kitten. Anyone can do it. Yes, even you who never touched anything electronic before. Takes 120mins, 20€/kit, avoid caffeine immediately before. Max 10 participants per session, sign up on PAPER at the Hardware Hacking Area.

MCH2022 Curated content
Hardware Hacking Area 🤖
14:00
14:00
30min
Cryptography is easy, but no magic. Use it. Wisely.
Lord BugBlue

Using cryptography can give you easy assurances, keep data confidential and keep prying eyes from stuff where they should not be.

However it's not magic.
This talk is intended for programmers, users and software designers.

This talk is about hardcore mathematics while you should not have to understand what the mathematics are but what they do.

What does cryptography do: encrypt, decrypt, sign and verify.
How are certificates used in cryptogaphy and why are they totally not a magical thing.

It covers what cool hardware is available, open design and open source, hardware tokens and how to use TPM for cool features.

And last but not least: it contains best practices and warnings. After this talk you might be able to see what's snakeoil and what is real.

MCH2022 Curated content
Clairvoyance 🔮
14:00
30min
No Permissions Needed!
Aditi Bhatnagar

Data keeps flowing! In Android, we have the concept of permissions, users feel confident that only if they turn on the permission, their data is shared. But what about an app silently sitting on your device with no permission whatsoever! What can that app know about you?

MCH2022 Curated content
Battery 🔋
14:20
14:20
30min
The MCH2022 Design
Christel Sanders

The MCH2022 design speaks for itself, but we would still nerd about it for a while. It is beautiful, colorful, generative, and has some physics ideas behind it. Some of it is obvious, but if you want to know all the hidden depths, this is the talk to visit.

MCH2022 Curated content
Abacus 🧮
15:00
15:00
50min
Infrastructure review
Bix, RFguy

The traditional talk by most or all operational teams about the infrastructure built for MCH2022. While the site has some infrastructure in place, a lot of it has to be built for this event. On the other hand there's also teams that just make things go away.

MCH2022 Curated content
Abacus 🧮
16:00
16:00
45min
⚠️ May Contain Hackers 2022 Closing
Elger "Stitch" Jonker

It's over before you know it... this talk looks back at the event, explains how the tear-down works, highlights next years camps and gives a tanks to all the organizers on stage.

What more can i say? Except that i need to enter at least 250 characters. I'll just blabber on and fill up th

MCH2022 Curated content
Abacus 🧮