This workshop showcases Vectra's threat detection across a hybrid attack landscape. You will participate in a Capture the Flag challenge to see how Vectra handles complex threats spanning network, cloud, identity, and SaaS environments. The focus will be on Vectra's capability to identify and mitigate a range of cyber threats rapidly, providing you with an in-depth understanding of Vectra's role in safeguarding diverse digital ecosystems.
In this workshop, participants will receive a brief introduction to the demoscene and competitions like 'byte jams.' The demoscene, originating in the '80s and '90s with affordable home computers like the Commodore 64 and Amiga, persists today, using these machines at demoparties to create 'retro' demos. Modern hardware allows running fantasy consoles like TIC-80, providing a retro feel but programmed with contemporary languages such as Lua, Python, and JavaScript. The hands-on session will focus on programming the TIC-80 with Lua.
Upon completing the workshop, attendees should be capable of crafting their first simple TIC-80 demo or participating in events like the 'byte jam.' To fully engage, bring a laptop and install TIC-80 beforehand.
Altijd al willen leren lockpicken? The Open Organisation of Lockpickers kan je hierbij helpen in deze workshop!
Off the record room and this needs more characters but there is not much more to say.
OpenKAT aims to monitor, record and analyze the status of information systems. This workshop learns you the basics of OpenKAT: how to set it up, how to create your own reports and setup data. The focus is on getting hands-on practice and get it running yourself.
We always knew it coulde happen, and thus that it, accoording to Murphey's law, would happen. A member of DIVD got arrested in relation to computer crime. And about a year ago it did, Pepijn van der S. got arrested.
In this (no press) talk we will walk you through the events that happened, the impact they had on our organisation and the lessons we learned.
Making a cool circuitboard cover for an old skool paper notebook
Lets talk about battery's!
Li-ion, salt, H2 or LFP, veel systemen zijn er op dit moment beschikbaar of komen beschikbaar. Alleen zijn er nieuwe regelgevingen op de loer en wordt de positie van de netbeheerder belangrijker. Welke ontwikkelingen zijn er en hoe vormt het zich?
Ik neem jullie mee in mijn reis waarin ik een thuisbatterij heb gebouwd. Tijdens mijn presentatie deel ik basale informatie welke ik ook deel met mijn klanten.
Kleine discussie is leuk, maar houd de temperatuur in de gaten, geen thermal runaway ;-)
An overview of the new maps and new metrics added in 2023, and what it did.
This workshop will give you a hands on introduction to the Fediverse, we will show you how to use Matrix, Mastodon, Peertube and Pixelfed on your own Phone, Tablet or Computer.
YOU can be a DJ too ! The 1234 2234 3234 4234 of mixing music.
NFIR is delighted to announce we are organizing the Hacker Hotel Capture The Flag competition again! We are pleased to bring the CTF competition to such a great event for the second year in a row, offering participants a great experience, the chance to showcase their skills, and win fabulous prizes. Don't miss out on this exciting opportunity to learn from industry experts, connect with your fellow hackers, and make lasting memories. Visit https://haho2024.ctfd.io/register now to sign up and secure your spot for the competition.
Opening and welcome by Dimitri Modderman
More information will be added soon, or not...
WOOt do we want? Freedom for our software! When do we WOOnt it? Now! This talk is about the journey into opensourcing software used and made by our governement. We will introduce you to the Wet Open Overheid (WOO) and explain how this law allows you to request the source of certain software. Then we’ll provide you with a step-by-step guide how you can woo (yes, that’s a new verb we made up) software of your interest and in which cases you may want or not want to do so. This may all sound nice in theory but Mendel will of course also tell you about his personal journey of requesting the DigiD code base and how this eventually lead to opensourcing the complete code base.
In contrast to this lovely abstract, the talk will be in Dutch.
More and more decisions are made or prepared automatically, with "computer says no" making it really harmful at crucial moments. For many people, it is then unclear whether you have rights and what those rights are. Yet there are steps you can take to successfully fend for yourself. This talk lays out some hacks and will be the presentation of the report 'Computer says no, but the law says yes'.
Party-time ! Party-time ! Party-time !
Join us for the evolution of the AV team and provide your fellow hackers with awesome content of HackerHotel.
How to data hording and anti counter measure for beginners
Online or not online that is the Question ?
A way to opt out and how to from long forgotten vendors
Different ways to get out data leaks searches
This talk explores the concept of hackersguilds, groups of engineers collaborating to enhance internal information security. Through various activities such as answering inquiries, conducting internal pentesting exercises, and participating in CTF competitions, hackersguilds empower engineers to actively contribute to an organization's security efforts. The talk provides practical insights into initiating and nurturing hackersguilds, fostering a collaborative environment that taps into collective expertise. By leveraging hackersguilds, organizations can enhance resilience against cyber threats and foster a culture of continuous learning. Attendees will gain a comprehensive understanding of hackersguilds' potential for a more secure future.
You can hack all sorts of things. Software, hardware. But being a hacker, what makes more sense than to hack oneself? Hackers have been turning themselves into bionic man, but we can also just hack our brain, using just out brain. I am talking about lucid dreaming: dreaming while you are aware of doing so and able to shape your dream. This talk will discuss what we know so far about lucid dreams and how they relate to other special states of the mind. The main focus will be on how to hack your own mind to start experiencing lucid dreams, what you can do in them, and how they differ from real life.
Tegenwoordig heeft 1 op de 7 mensen die werken beginnende of gevorderde burn-out klachten. In 2017 werd het bij mij geconstateerd en de weg naar (bijna volledig) herstel was behoorlijk lang. Toch had ik het kunnen voorkomen, mits ik had geweten waar ik op moest letten.
Back by popular demand: LED jewelry made from epoxy resin! We will be making necklaces and also brooches this time.
Red Teaming in operational technology (OT) networks is crucial for the cybersecurity of our critical infrastructure. This approach goes beyond identifying vulnerabilities, aiming to understand networks deeply and learn from actual attacks, thereby enhancing overall cybersecurity resilience.
Social Engineering 102: Hacking influence.
How to get people to trust your judgement.
Een introductie tot malware analyse voornamelijk WannaCry.
Get the latest news from Kharkiv, Ukraine and from our volunteer project
Mechanical safe locks are quickly replaced with their electronic counterparts. While there are many benefits, the security implications are far less understood than the mechanical systems. Jan-Willem collects and researches electronic safe locks and will share his thoughts. From dumping chips with lasers to locks which can be opened with ketchup.
Moved to the Hacker Room, Erasmus.
In this workshop we'll learn the basics of tape art.
Feel free to bring an images of line art (straight lines work better than curves) or pixel art. (Think more space invaders, not full HD)
There are people among our community that decide to write a book and some of those decide to write a book about locksport. What is that you say? Well ask them all about it in this session! And you can buy one too because the book gets released days before HackerHotel!
What is this DES and why is it bad? Should I always use AES-256, bigger is better right? Who are these RSA-dudes in the first place and why do I need 25519 elliptic curves in my life? Is quantum really that bad for encryption and what can I do about it?
If these are questions keeping you up at 05:00, then this talk might be for you!
Ham radio is a nice hobby, with a bit of overlap with the hacker community.
It's a very technical hobby, with a lot of variation. Much more than an Old Man talking on the radio all day.
Nico Dekens a.k.a Dutch_OSINTguy, a renowned open source intelligence professional, has noticed recurring patterns in
content created using artificial intelligence. He demonstrates how he has used OSINT tools and even
basic search engines to locate and identify online accounts that appear to be using autogenerated
website content, social media posts, reviews, and hate speech.
Anyone can draw! If you disagree with this statement, you might ALSO want to join this workshop.
Sketchnoting, also commonly referred to as visual notetaking, is the creative and graphic process through which an individual can record their thoughts with the use of illustrations, symbols, structures, and texts.
I have been sketch noting for quite some time now (maybe you have seen me doing in at earlier Hacker Hotels :) ) and this workshop will provide you with the basic skills to start sketch noting yourself!
In security one of the biggest changes will be the fact that on Oct 17th a lot of organisations need to have implemented. A big challenge for many organisations who haven't got a clue. But what do you need to do? And what does that mean?
One of the solutions maybe to take a feline approach to NIS2 and fulfill parts of the compliance needs with OpenKAT. Not just for organisations, but also for software solutions that are used with in the chain.
In this talk the main points of NIS2 will be explained as well as the parts where automation with OpenKAT can make a change.
Dive into the World of Cybersecurity Excellence with DIVD Academy: A Journey of Skill Enhancement and Threat Mitigation. This talk explores the pivotal role of DIVD Academy in shaping cybersecurity professionals, fostering skill development, and equipping individuals to combat evolving digital threats. Discover the cutting-edge training methodologies, industry insights, and real-world scenarios that make DIVD Academy a cornerstone in the pursuit of cybersecurity mastery. Join us as we unravel the transformative experience awaiting those who embark on the DIVD Academy adventure.
When we talk about tech stacks we usually think about big organizations running systems, but in the current day and age we too have a large digital footprint. In this talk we will go over mapping out our personal tech stack and start identifying any threats that could be useful to help prevent stalking and harassment, or at least be aware of the risks you encounter so you can make informed choices about data that you share.
You know those people that take a balloon, inflate it and after some twisting, turning, and some squicky noises they end up with a balloon creature that makes kids really happy?
You could be one!
Because, baloon folding isn't that hard, actually.
I have the balloons, instructions and will actually try to teach during this workshop as well.
Are you an adult and know how to do this, I could sure use some help to survive the chaos ;)
Laguages spoke: Dutch, English
Spoken poorly: German
Barely spoken: French
Altijd al willen leren lockpicken? The Open Organisation of Lockpickers kan je hierbij helpen in deze workshop!
The Dutch Electoral Council has asked a bunch of nerds to help them with new software for the elections. What is needed and how can you help?
In this talk i will share the plans of the Dutch government on building a quantum computer resistive infrastructure. The government actually started last year with its program. Whats the plan of the central government now and in the next years, nation wide and internationally.
YOU can be a DJ too ! The 1234 2234 3234 4234 of mixing music.
Only for people part of or interested in becoming part of the MCH2025 badge team. Interested in joining? Please contact us by joining our Telegram group, then ask about the 2025 team: https://t.me/+StQpEWyhnb96Y88p
Nancy and Chantal want to talk about being an ally in the community.
Learn how to breathe fire with Frank. Frank will explain the techniques. Ofcourse this will be outside the hotel , around the back/side of hotel on the grass.
How organisations adopt buzzwords from the market and incorporate them into tenders, RFPs etc.
The infamous hackerhotel pubquiz! With a wide variety of topics!
Whisky Tasting by RedTeam Cyber Security B.V.
Party-time ! Party-time ! Party-time !
wat is een gastic bypass , de voor en na delen en de risico's op een rij
Ransomware is still a serious threat to a lot of people and organisations and nowadays using more and more advanced techniques. And now also with new open AI technology, criminals are able to organise a sophisticated attack in minutes to target you and steal your data.
This talk will tell us what Ransomware actually is, who’s writing the code and making money out of it, it shows us a bit of the Ransomware history and what types are out there, to better understand what we’re dealing with. And explain all of the ransomware attack stages and what you can do in terms of detection and defence inside your security operations.
For the security analysts out there this talk will be beneficial when looking for traces Ransomware attacks are leaving behind. Including a demonstration of a Ransomware scenario making use of open AI technology in a sandboxed environment and show all of the attack stages to learn and recognise the IOCs in a Red and blue teaming scenario.
This ain’t everything. I’ll show what kind of information ransomware groups are sharing and what happened when a random organization was hit by a ransomware attack and their sensitive information was published on the dark web..
Critical infrastructure like data centers needs to be well protected. While there is lots of cyber security knowledge around at Hacker Hotel, in this talk we want to share knowledge on the physical security side of protection. Physical security measures are mostly controlled by PLC's. Thus physical security bears cyber risks as well.
[TLP:RED] In deze talk neemt A. je mee in een bizarre ervaring waarbij hij in 2022 ten onrechte door de politie is aangemerkt als een verdachte in een phishing onderzoek.
We all love bedtime stories, and these stories are even better when they turn into reality. This cinderella story is about how a big vendor rolled its own algorithm to "encrypt" its firmware images to deter poor hackers like us from fiddling around and potentially uncover flaws. But what if your motive is not to uncover potential flaws, but simply to agnostically fingerprint devices left vulnerable on the internet?
Join us into a semi-deepdive of reverse engineering the Fortigate firmware "encryption" to satisfy our own curiosity, but also to make the web that little bit more secure by fingerprinting vulnerable devices in a non-obtrusive manner with the endgoal of notifying the related parties.
DIVD is known for notifying parties running vulnerable software on the IPv4-space. Members of DIVD have given many presentations on this process, but never on the practical approach to ethically confirming the vulnerability in hosts on this scale. During this workshop, the audience is taken along DIVD's fingerprinting process including the practical and ethical considerations of accurate identification. By leveraging Open-Source Intelligence (OSINT), the participants are guided through practical examples of fingerprinting and deweaponizing exploitation of vulnerable software with the goal of finding vulnerable instances at scale.
Hackerspace Pixelbar was once the hottest hackerspace in the Netherlands, things happened and awesome people gathered once again to fix things.
An engineer buys a camera in a second hand store, and finds herself bringing back a defunct film format.
We all have seen spy movies where mechanical safes are dialed open by listening to the 'clicks'.
This workshop teaches you step by step on how to manipulate a mechanical safe lock.
Van een defecte UPS tot een autonome huisomgeving die zelf energie inkoopt en verkoopt op de meest gunstige en voordelige momenten.
Meet Acme, a wonderful company where nice people make beautiful things... and then management and sales want nice statistics.
This is a fun and easy way to make your own personal wax seal stamps. You will get to test them and take your results home!
I call myself "The Lamest Hacker You Know". I don 't use Kali, 0days, Burp Suite or any tools besides Curl, A browser, and clients for existing software, combined with (semi) open data sources. Probably 90% of my findings are for companies that don't have a CISO an never even heard the term "Bug Bounty Program", In this talk I will give some tips on how to reach out to a company out-of-the-blue and not have them hate you.
Als je je eigen opsporingsteam krijgt, dan doe je het pas goed. Piraterij van muziek en films was midden jaren 90 zo groot dat 1 op de 4 verkochte cd's illegaal was. De piratenmerken waren bekend in ieder huishouden. De tientallen merken werden aangevoerd door MTV en Twilight. Hoe groot was het nou echt: dat zie je pas als je alles gaat verzamelen. "And so we did": duizenden cd's, tapes en DVD's later is het tijd om eens te duiken in verhalen achter het archief. De collectie is nu te zien in het Homecomputer Museum in Helmond.
Our workflow, challenges and other fun things
Closing talk of Hackerhotel 2024 with NFIR CTF award ceremony.