Check-in time for Hackerhotel 2025
Need a professional portrait photograph taken for your next event, or talk? Or maybe for your upcoming book's cover? Update your Wikipedia page's profile photo? Become a social media influenza? Visit the studio and have your picture taken!
Decorating T-shirts with bleach is cool and not difficult. We could choose to make stencils; if you carefully cut or clip you get a positive and a negative template, you can use both and the effect is very different.
Get to know the workings of an Abacus. Dedication is key. This workshop requires daily attendance.
A short introduction to cryptography, its past, present and future for the not yet fully initiated.
Lockpicking is a sport where you open locks without force and mostly without keys. While doing this activity nothing much can be seen of the actual process. Instead you need to rely on sound and feel (tactile feedback from the lock).
Therefore a lot of people (including us) think a visually impaired person could be rather good at this (as they are more trained to use the "other" senses).
The first steps into locksport, however, are VERY visually heavy (videos, pictures, diagrams), which makes it rather hard for a visually impaired person to get started.
We believe we fixed that now.
A year later, we are back at the wonderful company Acme where nice people make beautiful things.
This time we will follow up on that and tell you how the company can improve their own maturity and security levels as explained in the standard.
How to make an Android App for Android Auto, a demo of the MapLibre sample app, and stories about Flitsmeister.
In today's rapidly evolving digital landscape, the increasing frequency and the scale of security incidents pose significant challenges for incident response teams. The traditional approach, rooted in digital forensics, is no longer sufficient nor is it efficient enough. It's time for a shift towards an automated incident response strategy that combines the investigative prowess of a digital detective with a DevOps mindset.
In this talk, we will present how the incident response process of acquiring data, processing data, and analyzing information can be automated, based on how we have built our incident response lab using open-source software packages developed by Microsoft (AVML), Google (Timesketch, WinPmem), Rapid7 (Velociraptor), Fox-IT (Dissect), Elastic, KROLL (KAPE) and HashiCorp (Terraform, Vault). We will guide you from using tools manually to using these tools automatically and magically. Well, not really magically, but we will emphasise the application of a DevOps mindset to the process that most incident responders, ourselves included, execute on a daily basis, combined with examples that can be put into practice.
You can visit the WHY room all day to help out making the camp AWESOME! We are organising workshops all day, and if you want to do something feasible, you are very welcome to pick up one of the Tiny Tasks.
You've maybe seen the raking robot that got a CEH (Certified Estetisch Harker) certificate, the Telex linked to Twitter/Telegram or the ASCII photo booth. They are all made by me. If this talk gets accepted I will do a deep dive on these three contraptions and what I learned building them.
Opening talk by Dimitri, opening Hackerhotel 2025
surprise surprise surprise surprise surprise
The rise of advanced technology and artificial intelligence has created unprecedented possibilities, but has also exposed a latent problem: the validation crisis. In this lecture, Brenno de Winter, renowned cybersecurity expert and author of De Validatiecrisis, takes you into the world of misleading assumptions, untested technology, and the dangers of a lack of critical evaluation. He shows how this crisis undermines not only technology but also societal decision-making.
An important part of the lecture is devoted to the MIAUW methodology (Methodiek voor Informatiebeveiligingsonderzoek met Auditwaarde). This structured framework offers a solution to the validation crisis in information security by emphasizing reproducibility, transparency and audit value. MIAUW enables organizations not only to identify vulnerabilities, but also to document them in a way that is both verifiable and usable for broader compliance and risk management strategies.
During the lecture, Brenno de Winter discusses practical examples, offers concrete tools to promote critical thinking, and illustrates how MIAUW can help organizations bridge the gap between complex technology and responsible application.
Party-time ! Party-time ! Party-time !
Learn how to breathe fire with Frank and Chris. Frank/Chris will explain the techniques and then we will practise. Of course this will be outside the hotel, around the back/side of the hotel on the grass.
How to use screen readers to scan the operating system, building blocks of an application or web environment.
I have been struggling with my weight for over 25 years. After reading the book "The Obesity Code" everything clicked. Since then I have lost 13 kg within 6 months. The great thing about this is that it is effortless.
In this workshop we start with the theory of gaining and losing weight. After that we are going to look at recipes for individual participants. What works, what doesn't.
In the end you will know what should work for you, and how you can lose weight effortlessly.
You can visit the WHY room all day to help out making the camp AWESOME! We are organising workshops all day, and if you want to do something feasible, you are very welcome to pick up one of the Tiny Tasks.
Ransomware attacks can feel like a dead end when it comes to data recovery, but not every case requires paying the ransom. In this talk, I’ll share real stories of successful recoveries achieved through attacker mistakes, overlooked system settings, and a strange, unintended effect we discovered and turned into a recovery technique. This method still works because many ransomware groups repeat the same error, and I’ll share it under TLP:RED to prevent attackers from becoming aware and adjusting their tactics. Learn how quick thinking and unexpected opportunities can make recovery possible even in the most challenging cases.
The Election Council is working on Abacus, the tabulation software for the elections. Come to this workshop to try your hands on the software in a production-like setting and learn more about the choices and concepts behind it.
"AiTM: Lessons Learned" dives into the evolving threat of AiTM attacks. Our presentation highlights the transition from basic phishing tactics to sophisticated methods that compromise organizational security. The presentation outlines the journey from old-school phishing attacks, to phishing frameworks like UADMIN and the introduction of tools like Evilginx, and now to the SaaS providers allowing anyone to buy access to an AiTM platform.
This talk describes the computer and its interfaces, the DSKY (DiSplay-KeYboard), on board the Apollo missions that got us to the moon and back.
I will point out several modern sources of information about this historical project and how it entertains lots of people to this day, including several emulation projects.
The total number of vulnerabilities continues to rise. If we had to rely on just CVSS for prioritizing those vulnerabilities, we would have an enormously hard time remediating all of them. In this talk, we’ll explore the critical gaps in CVSS-based prioritization and discuss why factors like exploitability, asset criticality, and real-time threat intelligence are way more important. Expect real-world examples, a touch of humor, and actionable insights to help you move beyond the CVSS score and toward a smarter, risk-based approach to vulnerability management.
Because let’s face it: a CVSS 7 can be way more critical to your organization than a CVSS 9!
With the support of the Dutch embassy in Tokyo, I have researched Coordinated Vulnerability Disclosure (CVD) in Japan for DIVD. Japan’s governmental policy on CVD dates back to 2004. Although Japanese criminal law and jurisprudence do not allow for large-scale intrusive vulnerability research and disclosure, Japanese institutes help citizens disclose zero days to vendors and report vulnerabilities to website operators. Also, the National Institute for Information Communication Technology scans and notifies vulnerable IoT, and the Japanese government has adjusted laws to allow this.
With more than 30 years of active camping experience and two trips to Ukraine under my belt I would like to share a bit of experience in preparing for the expected and unexpected.
Need a professional portrait photograph taken for your next event, or talk? Or maybe for your upcoming book's cover? Update your Wikipedia page's profile photo? Become a social media influenza? Visit the studio and have your picture taken!
You know those people that take a balloon, inflate it and after some twisting, turning, and some squeaky noises they end up with a balloon creature that makes kids really happy?
You could be one!
Because balloon folding isn't that hard, actually.
I have the balloons, instructions and will actually try to teach during this workshop as well.
If you are an adult and know how to do this, I could sure use some help to survive the chaos ;)
Languages spoken: Dutch, English
Spoken poorly: German
Barely spoken: French
This workshop is especially for all attendees who are not Dutch natives. In an exact and logical manner I will guide you through the syntax and semantics of the Dutch language, from sounds (the famous 'ggh' and vowel inventory) to gender of nouns and word order. There will be simple illustrations to help you get a grip on the language and bluff your way into pub talk with locals. Please bring pen and paper for the old school school experience!
Back by popular demand: LED jewellery made from epoxy resin! We will be making brooches this time.
Since the start of the war, our community has risen to help friends in Ukraine in many different ways. Roman Kniaziev is coming over from Kharkiv to explain how he works with all the volunteers of ETOC to support his country. Even though the news can be overwhelming, everyone can help. This talk shows you how.
The internet cleanup foundation publishes the baseline security of 150.000 domains of 10.000 important organizations in the Netherlands. This talk shows what we've done in 2024 and highlights some of the nice things to come in 2025 maybe spoiling one or two things :) - It had a ton of impact and large banks, internet providers and all kinds of other institutions cleaned up their baseline security issues.
You can visit the WHY room all day to help out making the camp AWESOME! We are organising workshops all day, and if you want to do something feasible, you are very welcome to pick up one of the Tiny Tasks.
Meshtastic and LoRa, what is it and what can you do with it?
This talk delves into the technical aspects of the Tanmatsu hardware design, the latest creation by the badge team, set to be released alongside the availability of ESP32-P4 chips. It will also form the foundation for the WHY2025 badge. Topics include an exploration of the PCB's high-level design, cost considerations for producing 4000 units, challenges and insights from working with pre-release chip prototypes, and a discussion on the practical aspects of MIPI DSI/SCI interfaces, including LVDS and impedance. The session will share both the hurdles and triumphs encountered during the design process.
The history and future of the Dutch hacker camps
CubeSats are small satellites comprised of 10x10x10cm "units" and range in size from very small 1U or smaller PocketQubes to 24U beasts. What can you do with such a platform and why?
Get to know the workings of an Abacus. Dedication is key. This workshop requires daily attendance.
In The Netherlands, everyone can trust the outcome of elections. That is our mission as The Dutch electoral council.
But you don't have to trust us to be able to trust the outcome of elections. Anyone can verify the results and in this presentation, we aim to explain to you which security measures have been taken in the election process here in The Netherlands to make sure you can trust the outcome of our elections, without having to trust us.
Explore the world of LoRa and Meshtastic in this hands-on workshop! Build your own Meshtastic device in the hacker room to experiment and play with your fellow hackers during the event.
I spent the past 6 years restoring and upgrading the 2 flights of stairs in my almost 100-year-old house in my off time, taking them into the 21st century while I was at it. The result is a standalone extensible system that supports an unlimited number of sensors and can light up to 256 cheap LED strips on a setup that can run completely off of a simple USB power bank for days and costs under about €40 in parts.
Frank talks about AI, why it all of a sudden is everywhere and what it means.
The summary that's fun for both outsiders and insiders of this gem of a genre. Talk is in Dutch :)
Social constructs used in a software context and everything that makes entertainment out of that :)
An interactive presentation about why putting constraints on your dataset is impractical.
In the pub, there is the one and only hacker hotel pubquiz!
Whisky Tasting by RedTeam Cyber Security B.V.
Party-time ! Party-time ! Party-time !
You can visit the WHY room all day to help out making the camp AWESOME! We are organising workshops all day, and if you want to do something feasible, you are very welcome to pick up one of the Tiny Tasks.
The Dutch Tax and Customs Administration deals with criminals claiming to be representatives of the organization and contacting the public with phishing emails daily. In this presentation, we will take you into the world of the criminals sending phishing emails and the recipients of the phishing mail. A live phishing demo is included.
It's one thing to plan a vacation trip to Cancun if you have a Dutch passport. It's entirely another to find a way to safety if you have an Egyptian passport.
What is an LLM? Can you run it yourself? Can you hack it?
This session will explain at a high level how an LLM works, how you can run this yourself (maybe for privacy reasons), coding with LLMs and the hacking possibilities of these AI systems. Expect many demos and hopefully useful tips and tricks, so you can directly try all this stuff out yourself.
Keywords: Supervised Learning and Reinforcement Learning, Hugging Face, Quantization, Ollama, open-webui, Prompt Hacking, Tokens, Context Length
Get to know the workings of an Abacus. Dedication is key. This workshop requires daily attendance.
In this talk I will show you what is involved in making a low-cost directional speaker
Operational Technology (OT) is vital for industrial processes, yet strategic understanding of OT’s security complexity is often lacking at the executive level. This presentation emphasizes the need for organizations to approach OT as a strategic priority, highlighting its unique challenges—such as legacy systems and non-negotiable uptime—amid rising cyber threats targeting critical infrastructure. By fostering executive insight into OT management, organizations can improve resilience, enhance security, and gain a competitive edge, ultimately positioning OT as an asset in operational stability and corporate strategy.
Need a professional portrait photograph taken for your next event, or talk? Or maybe for your upcoming book's cover? Update your Wikipedia page's profile photo? Become a social media influenza? Visit the studio and have your picture taken!
What you, as Homo Cyberneticus, have always wanted to know: how do you get Homo Ordinarius (= the non-hacking human) to fi-nal-ly see the importance of your work and cooperate a bit.
During Hacker Hotel you get the unique chance to take part in Operation Check Mate, an immersive interactive experience in which you step into the shoes of a detective yourself. This game was developed by experts from the field and offers a fascinating look into the world of criminal investigation.
Nuclear fusion promises a clean, safe, and abundant source of power by harnessing the energy released when hydrogen nuclei fuse. This talk will introduce the physics behind fusion, examine large-scale experimental projects like ITER, and explore new methods—ranging from diagnostics to machine-learning-based control—aimed at achieving stable, high-energy-output plasmas.
The European electricity network has become a ‘smart grid.’ This offers many opportunities for sustainability but also makes our energy system more vulnerable to digital attacks. In a time of increasing threat of hybrid warfare, the government and the energy sector realize that we as a society must prepare for possible disruption of the energy system and do everything we can to prevent it.
Various institutions test smart devices, set safety standards, and monitor compliance with these standards. However, parties such as our grid operators only have control over the energy grid equipment up to the front door. They are not allowed to look beyond the electricity meter, where most smart equipment is located. DIVD is allowed to do this and by identifying devices that can form a botnet, DIVD helps to make the smart grid more secure.
DIVD has been conducting research into vulnerabilities in equipment of the energy system, such as charging stations, solar panel inverters, home batteries, and (Home) Energy Management Systems. Previous findings have led to several parliamentary questions and follow-up actions by authorities such as RDI, the Dutch Authority on Digital Infrastructure. With the CVD in the Energy Sector project, DIVD will set up a research and education line with the DIVD.academy in collaboration with the energy sector to reduce the digital vulnerability of our energy system. DIVD will also build a hardware lab to test devices and scenarios. You may join too and help to save the grid.
In this talk, we will demonstrate how we could have generated outages using zero-days we found in solar converters and electric car chargers. But we also did it with just one user-password combination…
This talk will take you along with a deep dive on how the internet works at its core and how you can participate yourself. You'll learn all about BGP, AS numbers, IP prefixes and more.
Our workflow, challenges and other fun things
Closing talk of Hackerhotel 2025 with NFIR CTF award ceremony.