Opening and welcome by Dimitri Modderman
Nico Dekens explains the history of OSINT (Open Source INTelligence), looks at the current state of OSINT, but especially looks at the future of OSINT.
Nico will discuss how OSINT has evolved and is embraced by the intelligence community, journalists and online OSINT investigators.
Nico will talk about the current state of and challenges within OSINT, and will explore what can be expected in the near and far future of OSINT data collection and analysis.
The Dutch police has been trying to collaborate with ‘private partners’, including the Dutch hacker community in the Netherlands, for years now (the great Public Private Partnership or PPP), with mild success. So when they asked us what they could organise to get to know us, we replied with “invite us to hack police shit and eat pizzas”. We thought we would never hear of them again. Surprise surprise, they eventually invited us in.
So we at Zerocopter created a team consisting of brilliant hard- and software hackers from the Dutch hacking community and went to the Amsterdam police station to try and hack some of their obsolete bodycams. Did we succeed? Come and find out and prepare to laugh your ass off!
This is TLP:Red, so make sure you get a front row seat! What do Paul, Nancy, Brenno & Chantal (and many more) have in store for us?
The world went dark 10 days ago... Ten Candles is a tragic horror RPG with a maximum of 5 players. It's the story we tell together that is the most important part, because the end is inevitable (when we are down to the last candle all characters will die, but how exactly, we will see).
Storytelling will be in English and the game lasts as long as the last candlelight still casts our shadows (usually 2-3 hours).
You can enter this room (during office hours) if you want to play the CTF, need a hint or help, or want to meet the awesome NFIR team that puzzled together this CTF for you.
Nowadays, web applications often rely on cryptographically protected tokens to facilitate single sign-on or maintain sessions across distributed servers. Such tokens contain expiration dates and the identity of the current user, and are stored in the user’s browser. It is essential that these users are not able to change the contents of these tokens, as that could allow, for instance, impersonation of other users, elevation of privileges or authentication bypasses. A crypto bug in a token implementation can lead to multiple forms of authentication vulnerabilities.
During my analysis of several token implementations, I found that the application server IBM WebSphere Liberty had flaws in its implementation of the Lightweight Third Party Authentication (LTPA) protocol, a cryptographic token scheme used by multiple IBM products. By combining this implementation bug with cryptographic weaknesses in the protocol itself, an attacker could change their token into one belonging to any other user. While this attack involves a tricky adaptive chosen-ciphertext attack, it can be easily automated with a script that usually only takes a few seconds to execute. I also found a second (less severe) impersonation attack involving the injection of a delimiter character.
This talk will explain the LTPA protocol and its cryptographic flaws. I will show how these can be exploited by taking advantage of a parser implementation and an implementation bug, leading to a practical impersonation attack against applications using the WebSphere Liberty and Open Liberty web servers.
Making resin jewellery with our creative mind Moem. You will cast your own resin jewellery, think about adding LEDs and other cool electronics or just take something you want to wear close to your body. The next day you will reveal the result when the resin is hardened.
RFC 1925 Festival edition (Castlefest)
Dubbed “one of my long-running projects” by Dennis himself, Shoot ALL the hackers is a familiar recurring part of HackerHotel. If you like you can have your picture taken here.
See more details of Dennis’ project here: https://hack42.nl/wiki/Gebruiker:Dvanzuijlekom/Shoot_ALL_the_Hackers
Brainstorm session about the badge for the next Dutch Hackercamp (MCH2025)
Eelco will talk about how he set up the Hackerhotel Mastodon server. We have a server? YES!
This is a very special workshop on IMPRESSIONING, a covert entry technique used to generate a working key for a lock given only information obtained by manipulating a blank key in a lock.
Unlike lockpicking, impressioning creates a fully working key for the lock which can be used to lock and unlock the cylinder at will. With practice, this technique can consistently create a key in 10-15 minutes (and potentially faster)!
This will be a full, hands-on workshop on this technique.
HijackDotNet – We Don’t Know What Is Yet* ¯_(ツ)_/¯ – Maarten Boone (Zerocopter)
* But I will show how this tool can help you with research, defensive and offensive projects in PowerShell and .NET
This workshop by Nico Dekens gives practical hands-on insights into how you can scale up Open Source Intelligence (OSINT) Video Intelligence Analysis, using Artificial Intelligence (AI) and Machine Learning (ML) provided by one of the biggest cloud-API providers, to greatly accelerate video investigations.
In the digital age manual video analysis has become cumbersome.
We often need quick answers and insights.
How would we deal with that if we have 2 hours of video material originating from open sources like social media? How can we quickly detect faces, brands, extract text and audio from videos?
Red Team operations in practice
In this presentation Dejana gives a look behind the scenes at the work of the Tesorion Red Team. From the initial request to devising an attack and carrying it out. What did they run into? During the presentation you will hear whether the team's attack succeeded and whether the client's organisation was ready... or not?
How Vectra enables automated threat hunting using AI/ML.
After Network Hacking 101 in 2019 (2018?) and Network hacking 201 our friendly hacker HB is back with another edition of his hacking training.
PLOT4ai (https://plot4.ai) stands for Privacy Library Of Threats 4 Artificial Intelligence. It is a threat modeling library that helps to create responsible AI systems. This open source AI impact assessment tool consists of a library of 86 AI risks divided into 8 categories.
But PLOT4ai is more than a collection of threats: it provides a methodology to make threat modeling easy and accessible for anyone working with AI/ML.
Are you curious? Then sign up for our workshop! After a short introduction, we will start threat modeling a couple of use cases. We will do this using the physical card game (https://plot4.ai/card-game) and the online assessment tool (https://plot4.ai/assessments/quick-check).
The workshop will be provided by Isabel and Martijn from Rhite (https://rhite.tech/en/about-us)
Be a cyber security investigator and use the Vectra platform to find the incident root cause in this hands-on lab.
This workshop is about Knitting. That stuff that grows on sheep or goats.
The glass fiber war in the Netherlands: what’s up?
The Netherlands is bringing Fiber to the Home at a very high pace. Within 4 to 5 years it is expected that 99% of households will have a glass fiber connection. Where a few years back only households in more remote areas were getting fiber, organised by local initiatives, now large companies with almost unlimited funds are fighting to be the first to put the infrastructure in the ground. Sometimes multiple companies in the same street.
What is the effect of this for a relatively new ISP such as Freedom Internet? What challenges are we facing? What is the role of the regulator ACM in all this, including the regulation of tariffs? Why are so many different operators active? In this talk I will zoom in on the fiber landscape in the Netherlands and how Freedom Internet operates as an independent party in this cobweb of parties.
Metadata is all around. And since most of it can be correlated to an observed causation, we could develop digital DareDevil superpowers. This talk is about how one can use the soft underbelly of WiFi to monitor and map what people are up to.
This started as a self-imposed challenge of ‘do something under 100,- with components everybody can easily buy’. We will see, amongst other things, that just having your smart lighting mimic presence will not fool anyone that has a variant of this project.
I still have no idea (other than encrypting the data link layer to obfuscate some information) so, maybe you can help me out?
Talk about Deadbolt ransomware by Politie Oost Nederland (Dutch police force East-Netherlands) and Responders.nu
Learn how to breathe fire with Frank. Frank will explain the techniques. Of course this will be outside the hotel, around the back/side of the hotel on the grass.
From regular furniture to geodesic domes. Pallet furniture and other upcycling projects.
Best practices and how-tos concerning working with pallets and IKEA resources.
How to hack your rental apartment deposit free.
With an extra of: why you shouldn't repair your ceiling for free (and I did it anyway)
PubQuiz
Whisky Tasting
Lockpicking is the art of manipulating a lock open without damage to the mechanism. We use the sound and feel to gain insight to help us defeat the system. The Open Organisation Of Lockpickers (Toool) has been teaching the skill for several decades. This talk, however, won't be your standard lockpicking talk as the methods are highly experimental and some of them (barely) work. It will be an insight into advanced lock technology, and the unique attempts to defeat them.
Happy with Bleach & finish the resin jewellery (and pick it up)
[TLP:RED] In 2022, one of the most talked-about hacks of our careers took place. This hack was so sophisticated that many will think it was made up. Yet not a word of it is a lie or an exaggeration. The incident already begins in 2021; from 2022 NFIR becomes involved. From that moment on we take up the fight in full against a hacker (group?). How this turns out? Come and listen.
Most developers are aware of the term CI. It stands for Continuous Integration. However, most other hackers are not aware of how it can help them in their workflows.
CI helps improve quality, guard against unwanted and unexpected changes and secure guarantees on promises made. CI helps you find issues before they become problems.
Why let the developers have all the fun, while pentesters, auditors, authors, hardware hackers and even knuffelhackers can benefit too?
Let's start with the basics and in the end CI ALL THE THINGS !!
Based on the insights of 'Deep Work' by Cal Newport and 'When' by Daniel Pink combined with human biology and common sense, Nancy experimented with different teams to figure out the perfect timing within a specific team.
This talk will cover hormone levels, neurological insights and chronotypes that influence the best timing for certain meetings.
You might want to give your team a heads up about a new meeting structure after hearing this talk…
The talk will cover the basics of the Windows Registry and its structure, including the different hives (e.g. HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER) and their purpose. We will then delve into the different ways the registry can be accessed, both locally and remotely, and the information that can be gleaned from these operations. We will also examine the potential information leakage that can occur and provide examples of interesting information that can be gathered from a remote system, such as installed software, configuration, and user activity. This information can be used by red teams to gain a deeper understanding of target systems, identify vulnerabilities, and plan successful attacks. We will share some interesting findings that we came across relating to information leakage, lateral movement possibilities via the registry (bypassing remote UAC), as well as ADCS (Active Directory Certificate Services).
Pim, Sake and Nikolett will talk about creating this year's Hackerhotel 2023 Badge.
About the design, logistics, who helped, what didn’t work out well, puzzle challenges, tips and tricks.
Ten years ago the Dutch government first recognized Responsible Disclosure: you can hack as long as you do it for the common good and stick to some guidelines. In 2019 the Dutch Institute for Vulnerability Disclosure was founded to give these helpful hackers a foundation to work safely with a common identity, Code of Conduct and have fun. (DIVD 1.0) Ever since, we scan the whole internet for vulnerabilities and report them to the ones who can fix them and do it for free.
In 2022 the institute has grown immensely in numbers, impact, funding and recognition. So, we hired staff, got an office, built our own IT and administration and formalized processes (DIVD 2.0). In order to make our mission sustainable, we need to professionalize vulnerability disclosure even more.
On September 26th 2022 the Dutch parliament voted to support hacker collectives. DIVD welcomes the offer, but how to proceed while keeping the most important thing it all started with: the hacker mindset and creativity? Help us design DIVD 3.0
Can you trust the Dutch government? In this talk, I'll talk about the cryptography of attribute-based credentials which are used in the CoronaCheck app. You'll learn how this system improves your privacy and we'll reason about what and whom to trust.
The website basisbeveiliging.nl publishes security issues of the Dutch government, actively naming and shaming organizations that are insecure. This approach has helped fix 10.000’s of security issues and counting, which is not bad for a small volunteer organization. We’ve been doing this for a while now and times for basisbeveiliging have never been better. Our last talk about this was in 2019, so a while ago. This talk gives a short overview of developments of basisbeveiliging up until 2023. Finally it calls out for those who’d like to volunteer with us into torturing persuading the government to reform and improve.
MCH2022 happened, which was a small miracle. So... how did we all do? This talk gives a short overview of the past, present and future of the event.
Questions answered during this talk might be:
- Where is that awesome drone footage?
- What are the stats?
- How did the event do financially?
- What are the loose ends?
- What's next for 2025?
- Will 2025 happen at all?
- What is the answer to the Ultimate Question of Life, the Universe, and Everything?
Of course: not all answers to these questions are final, if answered at all. So if you can't make it for this talk, don't worry.
Closing talk with NFIR CTF award ceremony and Tesorion Placemat Puzzle prize giveaway.