BEGIN:VCALENDAR VERSION:2.0 PRODID:-//BornHack Website iCal Generator//bornhack.dk// NAME:BornHack 2017 X-WR-CALNAME:BornHack 2017 BEGIN:VEVENT SUMMARY:Lunch break DTSTART:20170822T103000Z DTEND:20170822T113000Z DTSTAMP:20260417T075715Z UID:15033978-0056-56e6-67fe-a21ad455f98b DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/lunch-break/\n\ nSpeaker(s): \n\nRecorded: No\n\nStreamed: No\n\nLunch break. LOCATION:Food Area END:VEVENT BEGIN:VEVENT SUMMARY:Hello World DTSTART:20170822T210000Z DTEND:20170822T213000Z DTSTAMP:20260417T075715Z UID:15034356-0067-4a38-9f15-ba7f74778b68 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/hello-world/\n\ nSpeaker(s): BornHack\n\nRecorded: No\n\nStreamed: No\n\nThe BornHack team would like to welcome you to this years BornHack event. We will walk over changes to the schedule\, facilities\, and other information about the ev ent itself.\n\nThis is also an excellent opportunity to meet the organisin g team. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Bringing method to justice: lawful hacking in the EU 2017 DTSTART:20170823T093000Z DTEND:20170823T103000Z DTSTAMP:20260417T075715Z UID:15034806-0061-19f6-55c3-36c34c4241b0 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/bringing-method -to-justice-lawful-hacking-in-the-eu-2017/\n\nSpeaker(s): Amelia Andersdot ter\n\nRecorded: No\n\nStreamed: No\n\nCovert disruptions of computer syst em security has developed into being a popular law enforcement tool for br inging the bad guys to justice since the entry into force of Budapest Conv ention. In spite of several attempts to codify in Swedish law a right for law enforcement officers to use this tool since 2005\, the exact legal pro cedure has not materialised. But the latest and strongest attempt yet to p rovide law enforcement with such tools is due to be presented in September and November of 2017. \n\nThis talk covers the activist project to insert strong consumer and individual protections in the law that afford to law enforcement officials hacking as an investigatory method. It will also tal k about the ways in which the campaign attempted to maintain contact with the public government inquiries over the year\, and put the Swedish develo pments in a European context in light of covert surveillance methods being discussed in the EU since 2016. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Lunch break DTSTART:20170823T103000Z DTEND:20170823T113000Z DTSTAMP:20260417T075715Z UID:15034842-0056-56e6-67fe-a21ad455f98b DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/lunch-break/\n\ nSpeaker(s): \n\nRecorded: No\n\nStreamed: No\n\nLunch break. LOCATION:Food Area END:VEVENT BEGIN:VEVENT SUMMARY:Introduction to the Bornhack badge DTSTART:20170823T113000Z DTEND:20170823T123000Z DTSTAMP:20260417T075715Z UID:15034878-0069-0338-e118-7a40046449ec DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/introduction-to -the-bornhack-badge/\n\nSpeaker(s): Esmil\, Flummer\n\nRecorded: No\n\nStr eamed: No\n\nThe badge for this years Bornhack is a bit more advanced than the one last year\, and we have tried hard to make it really accessible f or everyone to hack. In this talk\, we will go through the hardware and so ftware and give an overview of the different parts and a bit about how to use them.\n\nWe will also take a look at what it took to make the boards a nd why we have designed it in this way.\n\nThe talk will be a combination of hardware and software topics. If you want to do any kind of hacking of your badge\, this will be a good start. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Badge hacking workshop DTSTART:20170823T123000Z DTEND:20170823T133000Z DTSTAMP:20260417T075715Z UID:15034914-0078-9000-d2c2-5054a4044a72 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/badge-hacking-w orkshop/\n\nSpeaker(s): Esmil\, Flummer\n\nRecorded: No\n\nStreamed: No\n\ nIf you would like a little bit of help getting started hacking your badge \, stop by for this informal workshop. If you need help with the toolchain or maybe a bit of guidance on connecting a sensor or wireless module\, we will be happy to help out. LOCATION:Workshop Rooms END:VEVENT BEGIN:VEVENT SUMMARY:10Gb Network Hacking and Fun for offensive and defensive purposes DTSTART:20170823T133000Z DTEND:20170823T143000Z DTSTAMP:20260417T075715Z UID:15034950-0091-186f-8625-b7c4c246c891 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/10gb-network-ha cking-and-fun-for-offensive-and-defensive-purposes/\n\nSpeaker(s): Kramse\ , aka Henrik Kramshøj\n\nRecorded: No\n\nStreamed: No\n\nNetworking is a big part of the Bornhack event. We are a lot of people interested in makin g the most of networks\, so we work with the hardware and software.\n\nSpe cial focus this year will be on 10Gbit Ethernet devices of which some adva nced devices are brought by Napatech.\nThe goal will be to allow you to le arn and work with intelligent network adapters. So sending and receiving h igh-speed - think 10Gbit small packets for offensive and defensive purpose s.\n\nWe will be located near the NOC team and tent\, and have a setup whe re people can work independently after a common introduction we will do on e of the first days.\n\nKeywords: Intel 82599\, 10Gbit\, Junos 10Gbit inte rface filters\, firewalling 10Gbit\, Suricata 10Gbit\, Bro\, pktgen ...\n\ nWe will be at the Network Warriors village LOCATION:NOC Tent END:VEVENT BEGIN:VEVENT SUMMARY:Surveillance in our work-life DTSTART:20170823T133000Z DTEND:20170823T143000Z DTSTAMP:20260417T075715Z UID:15034950-0068-2d27-b948-a5a574b6cb0c DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/surveillance-in -our-work-life/\n\nSpeaker(s): Mikkel Hammer Nonboe\n\nRecorded: No\n\nStr eamed: No\n\nDigital surveillance is everywhere. Logging\, monitoring and predicting of you\, me and our neighbors are routinely occurring in our da ily lives.\n\nWhile we as activists are good at pinpointing statewide surv eillance from NSA and GHCQ\, we tend to ignore the surveillance which happ ens in our work-life.\n\nAs activists and workers we must begin to respond to thoose threats\n\nBecause the newest trends from HR-departments\, recr uiters and bosses are all pointing in the same direction.\n\nMore surveill ance\, more knowledge about you and with a loss of your power at the work- place.\n\nAlready now large knowledge companies monitor their employees’ actions\, browser history and worktime to predict if you are considering seeking another job or are you thinking about having another child.\n\nWha t will happen to your career if your boss knows this ?\n\nDanish nurses ar e being chipped with location-devices so it’s easier to respond with pat ients. The data will be collected by a "privacy by policy" and then hopefu lly it will not be misused.\n\nIn the talk Mikkel will discuss:\n\n- How f ar reaching is surveillance in our work-life\n- What will happen when our bosses can predict our careers\n- How to we take control of our own data a t the work-place LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Bornhack On The Air: Playing with ham radio DTSTART:20170823T143000Z DTEND:20170823T153000Z DTSTAMP:20260417T075715Z UID:15034986-0071-171b-29cd-b77cbd4ce594 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/bornhack-on-the -air-playing-with-ham-radio/\n\nSpeaker(s): Jesper Hess Nielsen\n\nRecorde d: No\n\nStreamed: No\n\nAs a licensed ham\, it's always fun to make conta cts over the air. I'll be bringing my HF transceiver with some form of por table/temporary antenna setup.\n\nSetting up a ham shack in a new environm ent with a makeshift antenna and still being able to talk to people thousa nds of kilometers away is fun and challenging. If you have a license I'll gladly let you operate and log a few QSOs either under your own call or un der my new event/DX/contest call sign (5P2Z) that I will premiere at Born hack. And if you don't yet have your ham license but would like to have a go getting on the air\, you can get to operate under my call sign as long as you're under supervision. LOCATION:Workshop Rooms END:VEVENT BEGIN:VEVENT SUMMARY:Organising BornHack DTSTART:20170823T143000Z DTEND:20170823T153000Z DTSTAMP:20260417T075715Z UID:15034986-0069-429e-93d1-2f1204d9399a DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/organising-born hack/\n\nSpeaker(s): Thomas Steen Rasmussen\n\nRecorded: Yes\n\nStreamed: Yes\n\nIn the year from the idea for BornHack was spawned in 2015 to the f irst event in 2016 we learned a lot about organising an event\, working wi th suppliers\, volunteers\, authorities and so on. Most things went very w ell and BornHack 2016 was great\, but the workload for the organisers was too high\, and our website and infrastructure was not ready to support mul tiple events.\n\nFor BornHack 2017 we had to make our website "multi-event capable" while maintaining permanent and semantic URLs so the content for previous camps will always remain available. We also added team/volunteer handling\, speaker and event submission\, and a lot of other things to sa ve organiser time. Our website is built on Django and the code is availabl e at https://github.com/bornhack/bornhack-website\n\nExpect an unstructure d and fun talk with battlestories from organising BornHack mixed in with t echnical details from building a system with cutting edge Django features like Channels and websockets. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Understanding Gentoo Hardened DTSTART:20170823T153000Z DTEND:20170823T163000Z DTSTAMP:20260417T075715Z UID:15035022-0061-265b-73f5-7f398f46abaa DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/understanding-g entoo-hardened/\n\nSpeaker(s): klondike\n\nRecorded: Yes\n\nStreamed: Yes\ n\nGentoo Hardened is a GNU/Linux distribution focused on making attacks h arder to succeed.\n\nIn this talk we will cover the different ways in whic h Gentoo Hardened allows you to reduce or mitigate the risk of known attac ks techniques and will also explain how other techniques can be used to mi tigate the impact after an attacker carries out a successful exploit.\n\nF inally we will cover how a simple Gentoo Hardened install differs from a n ormal Gentoo install and explain what is the current situation after Grsec stopped publishing patches and how to keep your kernel up to date for the interim.\n\nDuring the camp\, there will also a Gentoo Hardened developer available to give you a hand during install.\n\nTalk schema:\n* Userspace hardening\n- SSP\n- PIE/PIC (and ASLR)\n- -D_FORTIFY_SOURCE=2\n- RELRO an d full binding\n- StackCheck\n* Kernel hardening:\n- ASLR and KSALR\n- UDE REF\n- RAP\n- NX memory and RWX restrictions\n- Reference counter overflow prevention\n- Free memory/kernel stack sanitization\n- Constification and RO memory\n- Bounds checking on transfer\n- Userspace restrictions of pri vileged operations\n- Information hiding\n- Brute force deterrence\n- Modu le autoloading prevention\n- Chroot jails\n- MACs (SELinux/RBBAC/RSBAC)\n- ptrace restrictions\n- Blackholing and LAST_ACK protection\n- Active kern el exploit response\n- Kernel auditing\n* Choosing a hardened kernel:\n- M inipli's sources\n- linux-hardened sources\n- Vanilla/Gentoo sources and K SPP\n* Differences when installing Gentoo Hardened LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Automatic for the Robots - about automatization\, disruption and t he great techno-industrial-silliconspiracy DTSTART:20170823T163000Z DTEND:20170823T173000Z DTSTAMP:20260417T075715Z UID:15035058-0069-7eb8-2323-6f9844fe3ada DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/automatic-for-t he-robots-about-automatization-disruption-and-the-great-techno-industrial- silliconspiracy/\n\nSpeaker(s): Anders Kjærulff\n\nRecorded: Yes\n\nStrea med: Yes\n\nAll political leaders in Europa has but one thing on their min d: Speedy Growth! And of course there is someone ready to deliver exactly that in large dosis. \nSilicon Valley is currently spreading the message o f exponential thinking\, massive growth and even the promise of true SINGU LARITY by the year 2029(though rumours say\, it MAY be postponed). \nGoogl e is calling the shots\, arranging conferences for political leaders and p rinting reports with enchanting names like ‘INDUSTRY 4.0’\, 'SMART CIT IES' and promising growth rates of up to 40 percent in no time!\nBut of co urse there is a backdrop to all this: Massive unemployment caused by robot s and Articifical Intelligence is both to be expected AND adored at the sa me time in the name of relentless PROGRESS. \nBut who really benefits from this so called unstoppable\, DISRUPTIVE future? \nAnders Kjærulff gives his version of nightmare digitalization\, where it might lead us\, and as ks: Do we really have to go along with this? LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Hacker Jeopardy (Round #1) DTSTART:20170823T200000Z DTEND:20170823T213000Z DTSTAMP:20260417T075715Z UID:15035184-0061-27da-bc18-80210f4cf192 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/hacker-jeopardy -round-1/\n\nSpeaker(s): BornHack\n\nRecorded: No\n\nStreamed: No\n\nFour teams of up to 3 persons compete in a game of classical jeopardy!\n\nSubmi t your teams to info@bornhack.dk with your team name! LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Bornhack CTF Prologue and Introduction DTSTART:20170824T083000Z DTEND:20170824T093000Z DTSTAMP:20260417T075715Z UID:15035634-0061-2576-903e-0ddf464c3d9e DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/bornhack-ctf-pr ologue-and-introduction/\n\nSpeaker(s): Xiao\, kriztw\n\nRecorded: No\n\nS treamed: No\n\nIntroduction to CTF (capture the flag) hacking competitions \, with focus on the Bornhack CTF that will commence soon after this talk. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Digital research as a political tool DTSTART:20170824T093000Z DTEND:20170824T103000Z DTSTAMP:20260417T075715Z UID:15035670-0061-22e0-2366-cb7f8e4df28a DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/digital-researc h-as-a-political-tool/\n\nSpeaker(s): Researchkollektivet Redox\n\nRecorde d: No\n\nStreamed: No\n\nHow can digital research be used as a political t ool? \nSince 2005 the researchcollective Redox has used a wide variety of digital (and analogue) tools to investigate and map the extreme right. The information has been published both on redox.dk and in various mainstream media outlets. In this speak\, members of Redox will present how their di gital research has played a part in fighting the extreme right in Denmark\ , how fascist organizations has suffered from the exposure and what the po tential (and limits) of digital research as a political tool is. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Lunch break DTSTART:20170824T103000Z DTEND:20170824T113000Z DTSTAMP:20260417T075715Z UID:15035706-0056-56e6-67fe-a21ad455f98b DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/lunch-break/\n\ nSpeaker(s): \n\nRecorded: No\n\nStreamed: No\n\nLunch break. LOCATION:Food Area END:VEVENT BEGIN:VEVENT SUMMARY:Modern Fiber Demo DTSTART:20170824T113000Z DTEND:20170824T123000Z DTSTAMP:20260417T075715Z UID:15035742-0010-130d-2f17-ea00b59447c8 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/modern-fiber-de mo/\n\nSpeaker(s): Bornfiber\n\nRecorded: No\n\nStreamed: No\n\nBornfiber will demonstrate how modern fiber equipment works. They will bring compres sors and do a live demo of blowing fiber into empty tubes. Come see how th e layer 1 part of modern internet connections is built! LOCATION:Family Area END:VEVENT BEGIN:VEVENT SUMMARY:physical entry for red teams DTSTART:20170824T123000Z DTEND:20170824T133000Z DTSTAMP:20260417T075715Z UID:15035778-0061-01f2-3722-c79faa4b7cbf DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/physical-entry- for-red-teams/\n\nSpeaker(s): knud\n\nRecorded: No\n\nStreamed: No\n\nThis talk will go over what to do when you require access to a network where p erimeter defenses are functioning well. An overview of destructive and non -destructive entry methods will be provided\, as well as some displays of common door and lock deployment fails. Flaws\, how to exploit them\, and p otential countermeasures will be covered. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Fiber tapping: A practical approach DTSTART:20170824T133000Z DTEND:20170824T143000Z DTSTAMP:20260417T075715Z UID:15035814-0061-029b-0e76-f7d38847d781 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/fiber-tapping-a -practical-approach/\n\nSpeaker(s): Erik Bidstrup\n\nRecorded: Yes\n\nStre amed: Yes\n\nThis talk gives an overview of available methods for fiber ta pping\, suggestions on how to gain physical access to the cable infrastruc ture\, and a brief summery of available counter measures. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Beyond our own noses -- context to an ongoing revolution DTSTART:20170824T143000Z DTEND:20170824T153000Z DTSTAMP:20260417T075715Z UID:15035850-0061-0574-f403-75310e45a9b6 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/beyond-our-own- noses-context-to-an-ongoing-revolution/\n\nSpeaker(s): daniel domscheit-be rg\n\nRecorded: No\n\nStreamed: No\n\nThe digital revolution is warming up its engines. This community knows better than most others how much it is going to turn every stone and change the world as we thought we knew it. W ith this kind of change comes as much challenge as potential\, as much ris k as there are chances. It is our generation and the generation of the you ng ones we are bringing to this event\, to shape a future that will cater to our needs as a society and that will make use of the positive potential s digitization can bring while making sure we are not turning the world in to a full-on nightmare of surveillance and social injustice.\nVery often i t is hard to see the wood for all the trees\, so this talk will put the th ings into a broader perspective. It will focus on providing context for a revolution which certainly is unique in detail but follows a historic patt ern\, discuss the broader social side of things and shine a light on where we could to take it from here. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Get IP addresses without leaking identifying information DTSTART:20170824T153000Z DTEND:20170824T163000Z DTSTAMP:20260417T075715Z UID:15035886-0061-15ce-f9b4-1f08544639b9 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/get-ip-addresse s-without-leaking-identifying-information/\n\nSpeaker(s): juga\n\nRecorded : No\n\nStreamed: No\n\nDHCP is a network protocol used to get dynamic IP addresses and network configuration parameters.\nSome or the options in DH CP carry unique identifiers that can used to track the device (mobile\, la ptop) visiting a network.\n\nIn this talk we will explain which are these identifiers\, the new standard addressing those\, the issues with current DHCP client implementations and two implementations that minimize disclosu re of identifying information. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Messaging without Metadata DTSTART:20170824T163000Z DTEND:20170824T173000Z DTSTAMP:20260417T075715Z UID:15035922-0068-5432-56e9-6c5b8406584b DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/messaging-witho ut-metadata/\n\nSpeaker(s): Will Scott\n\nRecorded: Yes\n\nStreamed: Yes\n \nSignal has made huge strides in popularizing end-to-end encrypted chat\, but we still lack real-time chat options that protect information about w hen and with whom we're talking. Messaging systems like [Pond](https://git hub.com/agl/pond) have demonstrated practical implementations of hiding tr affic patterns from a network observer\, and research like [DP5](https://p etsymposium.org/2015/papers/14_Borisov.pdf) and [Loopix](http://www0.cs.uc l.ac.uk/staff/G.Danezis/papers/loopix.pdf) have proposed theories for PIR and Mixnet based anonymous messaging systems respectively.\n\nThis talk wi ll survey recent advances in private messaging systems\, with a focus and demonstration of [Talek](github.com/privacylab/talek)\, a system for low-l atency messaging with strong privacy guarantees through PIR. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:The impact of privacy and GDPR on data driven customs in Denmark a nd EU DTSTART:20170824T173000Z DTEND:20170824T183000Z DTSTAMP:20260417T075715Z UID:15035958-0061-13b0-bd7f-ddbd804b7a96 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/the-impact-of-p rivacy-and-gdpr-on-data-driven-customs-in-denmark-and-eu/\n\nSpeaker(s): L asse Grinderslev Andersen\n\nRecorded: Yes\n\nStreamed: Yes\n\nEU has star ted an ambitious project to revise the legislation and related IT-systems used in customs enforcement. In Denmark this work has begun recently with the establishment of an implementation center for customs (Implementerings center for Told) where I was recently hired. One of the goals is to make t he custom\nprocesses more data driven and this is were privacy considerati ons play an important role.\n\nIn in this talk I will try to outline the E uropean customs project seen from a Danish perspective and take a closer l ook at the 'data-driven' part. The emphasis will be on how GDPR affects th is work and potential technical solutions to the challenges that arise. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Hacker Jeopardy (Round #2) DTSTART:20170824T200000Z DTEND:20170824T213000Z DTSTAMP:20260417T075715Z UID:15036048-0061-28e3-c7a8-d971984394bc DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/hacker-jeopardy -round-2/\n\nSpeaker(s): BornHack\n\nRecorded: No\n\nStreamed: No\n\nFour teams of up to 3 persons compete in a game of classical jeopardy!\n\nSubmi t your teams to info@bornhack.dk with your team name! LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:OpenPGP Key Signing Event DTSTART:20170825T083000Z DTEND:20170825T093000Z DTSTAMP:20260417T075715Z UID:15036498-0077-8fe8-e7ee-e00f74e78977 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/openpgp-key-sig ning-event/\n\nSpeaker(s): Jesper Hess Nielsen\n\nRecorded: No\n\nStreamed : No\n\nLet's do a good\, old-fashioned OpenPGP key-signing event! Perhaps with beer?\n\nThe concentration of OpenPGP users is probably a lot higher at Bornhack than at many other gatherings. So why not use this opportunit y to extend the number of signatures on our public PGP keys?\n\nWe'll meet up at some time during Bornhack and exchange keys and verify each other's IDs so we can generate a tightly-knit Web Of Trust. And hopefully have a beer or two afterwards.\n\nTo submit your key for participation in the eve nt\, do one of the following: \n- Upload your key to the SKS keyserver tha t I have set up for this event\, https://keyserver.ffen.dk. The server and all data on it will be destroyed after Bornhack. \n- Email your public ke y to keysigning@graffen.dk\n- Email me your public key fingerprint at keys igning@graffen.dk and I will download your key(s) from one of the public k ey servers. \n\nWhen we near the day of the event\, I will generate a list of participants and publish it\, to make it easier for everyone to keep t rack of who they have verified and need to sign. LOCATION:Workshop Rooms END:VEVENT BEGIN:VEVENT SUMMARY:NemID DTSTART:20170825T093000Z DTEND:20170825T103000Z DTSTAMP:20260417T075715Z UID:15036534-0061-080a-865d-e42b134e7f90 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/nemid/\n\nSpeak er(s): Thue Janus Kristensen\n\nRecorded: No\n\nStreamed: No\n\nAnalysis o f everything NemID.\n\n- Why NemID is a bad trusted third party model\, le ading to the attack discussed in https://www.version2.dk/blog/nemid-er-ikk e-kryptologisk-sikker-og-myndighederne-er-ligeglade-513303\n- Is this a "t heoretical attack"\, as Nets and Digitaliseringstyrelsen says? (no)\n- Cou ld Nets sign stuff with my private key\, if they wanted to? (yes)\n- NemID and Persondataloven § 41 Stk. 3.\n- Why using a domain from Niue (nemid. nu) is really\, really unprofessional\n- Why the banks' usage of NemID is illegal according to Lov om betalinger §128\n- Attacking NemID using ssls trip\n- etc LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Hacking 802.11 DTSTART:20170825T093000Z DTEND:20170825T143000Z DTSTAMP:20260417T075715Z UID:15036534-0078-8177-adc9-04c2e486a91b DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/workshop-hackin g-80211/\n\nSpeaker(s): Christoffer Jerkeby\n\nRecorded: No\n\nStreamed: N o\n\nThis two day workshop covers most of the known and some less known te chniques for gaining knowledge and access to 802.11 infrastructure. The wo rkshop will not cover password cracking\, network monitoring or known wps attacks. The workshop will cover details of firmware exploitation\, remote and local access and data extraction. Attendees of the workshop are expec ted to have previous knowledge of GNU/Linux and Wi-Fi infrastructure. The first session cover local access and the second remote access\, each sessi on take 6 hours.\n\n== Friday - Local (root) access ==\n\nConsole or TTL s erial port\nIdentify and set up known serial port interfaces for console a ccess.\n\nUBoot\nExplore UBoot environments and get to know the most commo n security issues used to gain local root access from a UBoot environment. \n\nQemu \nUsing Qemu to boot an Access Point upgrade images and simulate internal functionality. By simulating the environment of a running AP in Q emu it is possible to extract run-time knowledge from the AP. By applying the proprietary images on top of a "working" OpenWRT image it is possible to port the AP run-time to a virtual environment and eventually port OpenW RT back to the AP.\n\nJTAG and OpenOCD\nSet up and configure a OpenOCD ser ver on the JTAG interface using a standard JTAG debugger (BusPirate or FTD I).\n\nARM GCC GDB\nSetting up a cross compiler to build your own code for the AP. Integrate GDB with the OpenOCD and gain internal knowledge and co ntrol of a running system using JTAG.\n\nDemo\nGaining local root on the A ruba AP series using console TTL or ethernet MITM access.\n\n== Saturday - Remote access ==\n\nPacket injection\nThe Atheros 9k series drivers provi ce support for full MAC layer control in software (and open firmware). THe ATH9K_HTC driver have been altered numerous times to support flooding and packet injections for hostile purposes. Explore kernel module and firmwa re compilation for over the air attacks.\nFor supported devices see: (http s://wireless.wiki.kernel.org/en/users/Drivers/ath9k_htc & https://wikidevi .com/wiki/Ath9k_htc)\n\nRadio jamming techniques\nA rundown on tried and k nown jamming techniques. CTS flooding\, domino attack\, greedy backoff and de-authentication flooding. Trial and error session under the faraday bla nket.\n802.11AC and MIMO training attack discussion and feasibility of dis torted beamforms.\n\nRadio jamming detection\nAn overview of known prevent ive measures against known (layer2/MAC) jamming attacks.\n\nFuzzing the Wi -Fi baseband\nTrying out packetspammer.c to spawn custom 802.11 frames. Tr ansfer packetspammer techniques to scapy and python for automated fuzzing. \nTry out firmware exploitation on broadcom BCM43** series.\nFirmware expl oitation like project zero\nhttps://googleprojectzero.blogspot.fi/2017/04/ over-air-exploiting-broadcoms-wi-fi_4.html LOCATION:Workshop Rooms END:VEVENT BEGIN:VEVENT SUMMARY:Lunch break DTSTART:20170825T103000Z DTEND:20170825T113000Z DTSTAMP:20260417T075715Z UID:15036570-0056-56e6-67fe-a21ad455f98b DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/lunch-break/\n\ nSpeaker(s): \n\nRecorded: No\n\nStreamed: No\n\nLunch break. LOCATION:Food Area END:VEVENT BEGIN:VEVENT SUMMARY:User privacy and GDPR DTSTART:20170825T140000Z DTEND:20170825T153000Z DTSTAMP:20260417T075715Z UID:15036696-0068-3fa3-0c29-ae9144299b72 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/user-privacy-an d-gdpr/\n\nSpeaker(s): Irina Shklovski\, Martin von Haller\, Niels Enggaar d Lindstrøm\, Pernille Tranberg\, Tessa Paavel\n\nRecorded: Yes\n\nStream ed: Yes\n\nThe EU's General Data Protection Regulation is intended to be a constraint for Big Data monopolies\, but it will also be an opportunity f or sharing data between private and public entities. Therefore\, GDPR will reshape both the market and the public sector's use of Big Data. We are i nterested in discussing how this reshaping will look like\, how does data ownership change\, what are the challenges and opportunities of implementi ng the law and how will user privacy be impacted.\n\nMembers of the panel come from various backgrounds: advocacy group representatives\, journalist s\, academia\, private and public sector. Each speaker will have 10 minute s to present their standpoint\, a panel discussion will follow and 30 minu tes Q&A session. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Hacking Information Security maturity assessment DTSTART:20170825T153000Z DTEND:20170825T163000Z DTSTAMP:20260417T075715Z UID:15036750-0061-1188-ec3a-ccee624de68d DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/hacking-informa tion-security-maturity-assessment/\n\nSpeaker(s): Klaus Agnoletti\n\nRecor ded: Yes\n\nStreamed: Yes\n\nInformation Security maturity assessments are a powerful tool to (surprise!) measure and communicate maturity of Inform ation Security within a business - if it's done right.\n\nCome by and hear how you measure maturity so you get a hollistic view of security that can help you get a prioritized plan to improve security. And - most important ly - how do you communicate this to C-level? C-level is a hard target for a general geek to target\, since they - literally - live on a different pl anet than us. So what language do you need to use to make them understand what the problem is and what it means for them?\n\nIn companies (at least in Denmark)\, the level of security is general is horribly low. Come by an d hear which issues are usually found out there and how to fix them. Commu nication and prividing a practical approach to this play a big role in thi s. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Speak Human: Teaching journalists digital self defense DTSTART:20170825T163000Z DTEND:20170825T173000Z DTSTAMP:20260417T075715Z UID:15036786-0067-627d-688b-3467640b4b2e DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/speak-human-tea ching-journalists-digital-self-defense/\n\nSpeaker(s): Aslak Ransby\, Frej a Wedenborg\n\nRecorded: Yes\n\nStreamed: Yes\n\nAt Bornhack we are all we ll aware of the importance of knowing how to protect yourself and your equ ipment against digital threats. But how do we make users with little or no ne it skills understand it?\n\nIn the past two years we have been teaching digital self defense to journalists all over Europe. We have been working with an approach that goes beyond tools\, focusing on threat modeling and a conceptual understanding of risks and counter measures. In this talk we 'll present the lessons we've learned and how our methods evolved based on our experiences. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Get IP addresses without leaking identifying information: hands on DTSTART:20170825T173000Z DTEND:20170825T183000Z DTSTAMP:20260417T075715Z UID:15036822-0071-149d-8df2-03fa1a49658f DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/get-ip-addresse s-without-leaking-identifying-information-hands-on/\n\nSpeaker(s): juga\n\ nRecorded: No\n\nStreamed: No\n\nThis workshop is a continuation of the ta lk with the same name.\nWe will install the new DHCP client implementation s\, identify any issues installing or using them\, hunt bugs and possibly solve them. LOCATION:Workshop Rooms END:VEVENT BEGIN:VEVENT SUMMARY:Tor Relay Operators Meetup DTSTART:20170825T183000Z DTEND:20170825T193000Z DTSTAMP:20260417T075715Z UID:15036858-0089-6fdd-2d26-82a894e45996 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/tor-relay-opera tors-meetup/\n\nSpeaker(s): Alexander Færøy\, Jurre van Bergen\n\nRecord ed: No\n\nStreamed: No\n\nFor people who are currently running or are cons idering to run Tor relay nodes. Let's meet and share experiences\, say hi to each other and have an open discussion about topics related to Tor rela y operations. LOCATION:Bar Area END:VEVENT BEGIN:VEVENT SUMMARY:Italo house evening DTSTART:20170825T193000Z DTEND:20170825T213000Z DTSTAMP:20260417T075715Z UID:15036894-0081-3110-e846-b52e0947fca9 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/italo-house-eve ning/\n\nSpeaker(s): Christoffer Jerkeby\n\nRecorded: No\n\nStreamed: No\n \nA three hour journey in to italo-disco and house music strictly vinyl im ported straight from the future. The duo Amaris and Kugg explore the mysti c grooves\, detailing a future reality when everybody wears goggles\, driv es flying cars and hacks the planet only using brain implants. LOCATION:Bar Area END:VEVENT BEGIN:VEVENT SUMMARY:Hacker Jeopardy (Finals) DTSTART:20170825T200000Z DTEND:20170825T213000Z DTSTAMP:20260417T075715Z UID:15036912-0061-2963-5bf6-e66b234f9cb7 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/hacker-jeopardy -finals/\n\nSpeaker(s): BornHack\n\nRecorded: No\n\nStreamed: No\n\nThe wi nner teams from the first round competes in one final battle of jeopardy. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Italo house evening DTSTART:20170825T213000Z DTEND:20170825T233000Z DTSTAMP:20260417T075715Z UID:15036966-0081-3110-e846-b52e0947fca9 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/italo-house-eve ning/\n\nSpeaker(s): Christoffer Jerkeby\n\nRecorded: No\n\nStreamed: No\n \nA three hour journey in to italo-disco and house music strictly vinyl im ported straight from the future. The duo Amaris and Kugg explore the mysti c grooves\, detailing a future reality when everybody wears goggles\, driv es flying cars and hacks the planet only using brain implants. LOCATION:Bar Area END:VEVENT BEGIN:VEVENT SUMMARY:Hacking 802.11 DTSTART:20170826T083000Z DTEND:20170826T133000Z DTSTAMP:20260417T075715Z UID:15037362-0078-8177-adc9-04c2e486a91b DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/workshop-hackin g-80211/\n\nSpeaker(s): Christoffer Jerkeby\n\nRecorded: No\n\nStreamed: N o\n\nThis two day workshop covers most of the known and some less known te chniques for gaining knowledge and access to 802.11 infrastructure. The wo rkshop will not cover password cracking\, network monitoring or known wps attacks. The workshop will cover details of firmware exploitation\, remote and local access and data extraction. Attendees of the workshop are expec ted to have previous knowledge of GNU/Linux and Wi-Fi infrastructure. The first session cover local access and the second remote access\, each sessi on take 6 hours.\n\n== Friday - Local (root) access ==\n\nConsole or TTL s erial port\nIdentify and set up known serial port interfaces for console a ccess.\n\nUBoot\nExplore UBoot environments and get to know the most commo n security issues used to gain local root access from a UBoot environment. \n\nQemu \nUsing Qemu to boot an Access Point upgrade images and simulate internal functionality. By simulating the environment of a running AP in Q emu it is possible to extract run-time knowledge from the AP. By applying the proprietary images on top of a "working" OpenWRT image it is possible to port the AP run-time to a virtual environment and eventually port OpenW RT back to the AP.\n\nJTAG and OpenOCD\nSet up and configure a OpenOCD ser ver on the JTAG interface using a standard JTAG debugger (BusPirate or FTD I).\n\nARM GCC GDB\nSetting up a cross compiler to build your own code for the AP. Integrate GDB with the OpenOCD and gain internal knowledge and co ntrol of a running system using JTAG.\n\nDemo\nGaining local root on the A ruba AP series using console TTL or ethernet MITM access.\n\n== Saturday - Remote access ==\n\nPacket injection\nThe Atheros 9k series drivers provi ce support for full MAC layer control in software (and open firmware). THe ATH9K_HTC driver have been altered numerous times to support flooding and packet injections for hostile purposes. Explore kernel module and firmwa re compilation for over the air attacks.\nFor supported devices see: (http s://wireless.wiki.kernel.org/en/users/Drivers/ath9k_htc & https://wikidevi .com/wiki/Ath9k_htc)\n\nRadio jamming techniques\nA rundown on tried and k nown jamming techniques. CTS flooding\, domino attack\, greedy backoff and de-authentication flooding. Trial and error session under the faraday bla nket.\n802.11AC and MIMO training attack discussion and feasibility of dis torted beamforms.\n\nRadio jamming detection\nAn overview of known prevent ive measures against known (layer2/MAC) jamming attacks.\n\nFuzzing the Wi -Fi baseband\nTrying out packetspammer.c to spawn custom 802.11 frames. Tr ansfer packetspammer techniques to scapy and python for automated fuzzing. \nTry out firmware exploitation on broadcom BCM43** series.\nFirmware expl oitation like project zero\nhttps://googleprojectzero.blogspot.fi/2017/04/ over-air-exploiting-broadcoms-wi-fi_4.html LOCATION:Workshop Rooms END:VEVENT BEGIN:VEVENT SUMMARY:Make it available Offline: Digital divide\, censorship\, and appli cation performance DTSTART:20170826T093000Z DTEND:20170826T103000Z DTSTAMP:20260417T075715Z UID:15037398-0061-0016-bedb-07270241da94 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/make-it-availab le-offline-digital-divide-censorship-and-application-performance/\n\nSpeak er(s): Benjamin Balder Bach\n\nRecorded: Yes\n\nStreamed: Yes\n\nSome peop le say we already lost the fight for a free Internet. But remember what wa s before the Internet? How you listened to music and watched movies *witho ut* having individualized HQ data streamed from thousand of kilometers awa y to your muted browser tab?\n\nBefore streaming\, we used downloads and S neakernet - the idea of data carried by humans (in sneakers). Also today\, the Sneakernet carries an enormous bandwidth thanks to more affordable an d larger capacity storage media.\n\nThere are many reasons to talk about O ffline applications and data\, it's not just “preppers” who are doing it. There are many different ways to use Offline\, and it makes a big diff erence to millions of people – so let’s talk more about it!\n\nBenjami n Balder Bach is a member and volunteer of FAIR Denmark\, an\norganization that reuses ICT equipment and works with educational\nplatforms in offlin e contexts. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Lunch break DTSTART:20170826T103000Z DTEND:20170826T113000Z DTSTAMP:20260417T075715Z UID:15037434-0056-56e6-67fe-a21ad455f98b DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/lunch-break/\n\ nSpeaker(s): \n\nRecorded: No\n\nStreamed: No\n\nLunch break. LOCATION:Food Area END:VEVENT BEGIN:VEVENT SUMMARY:Biometric borderworlds: an anthropological exploration of biometri c technologies\, border control\, and EU immigration DTSTART:20170826T113000Z DTEND:20170826T123000Z DTSTAMP:20260417T075715Z UID:15037470-0068-4c41-b5ca-02dc048819c8 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/biometric-borde rworlds-an-anthropological-exploration-of-biometric-technologies-border-co ntrol-and-eu-immigration/\n\nSpeaker(s): Nina Dewi Horstmann\n\nRecorded: No\n\nStreamed: No\n\nBiometric technologies – such as fingerprint imagi ng\, iris scanning\, and DNA testing – are used by European member state s to identify and monitor people seeking entry and/or asylum in the Scheng en area. As more than a million refugees and migrants from the Middle East and North Africa have fled to Europe\, the intersection between these bio metric technologies and border control raises important questions about id entity\, security\, and mobility in contemporary society. What are the soc ial and political impacts of biometric technologies on asylum requests and the practices of immigration officials? How are understandings of citizen ship\, personhood\, and belonging influenced by the introduction of biomet ric scanners? I will share how our "Biometric Borderworlds" project at the University of Copenhagen is using anthropological methods to understand h ow a diverse array of actors (refugees\, immigration officials\, border gu ards\, and activists) experience and interpret biometric technologies. I w ill also discuss the logic of "securitization" that underlies these develo pments\, the privacy rights of refugees and vulnerable groups (personal bi ometric data is collected for migrant children as young as six)\, and why biometric surveillance should be a concern for anyone who believes in a fr ee society. Additionally\, I look forward to hearing more from infosec exp erts & hackers about the security risks of storing this biometric data in centralized databases. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Scratch\, the most strongly-type-safe programming language DTSTART:20170826T123000Z DTEND:20170826T133000Z DTSTAMP:20260417T075715Z UID:15037506-0069-96f6-63b8-ba27e4870b5b DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/scratch-the-mos t-strongly-type-safe-programming-language/\n\nSpeaker(s): Ramón Soto Math iesen\n\nRecorded: Yes\n\nStreamed: Yes\n\nIn this talk\, we will be looki ng into how Scratch\, a free visual programming language developed by the MIT Media Lab\, is probably the best and safest language to start teaching kids on how to code given that it's incredibly intuitive for children of a very short age as it abstracts programming into a puzzle and it also pro vides a local language interface for many languages (Danish\, German\, Spa nish\, ...) as most non-Anglo kids don't really know English at a young ag e.\n\nThese are the main reasons for which I state that Scratch is the mos t strongly-type-safe programming language out there\, even for us grown up s.\n\nAs a volunteer at Coding Pirates\, there will be some funny anecdote s on the usage of this amazing language. We might even show some of the games produced by the kids\, including some hacks that they found themsel ves in order to get a max score\, hackers will be hackers\, no matter age . LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Lightning Talks DTSTART:20170826T133000Z DTEND:20170826T153000Z DTSTAMP:20260417T075715Z UID:15037542-0061-068d-0f87-9be07d445c96 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/lightning-talks /\n\nSpeaker(s): BornHack\n\nRecorded: No\n\nStreamed: No\n\nShow up on th e day and get your 5-10 min. talk added to the schedule! LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:The future of digital security education for human rights defender s - developing sustainable\, continuous learning approaches. DTSTART:20170826T153000Z DTEND:20170826T163000Z DTSTAMP:20260417T075715Z UID:15037614-0071-09a3-84af-9bc0c5460f93 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/the-future-of-d igital-security-education-for-human-rights-defenders-developing-sustainabl e-continuous-learning-approaches/\n\nSpeaker(s): Kaustubh Srikanth\n\nReco rded: No\n\nStreamed: No\n\nDigital security training plays a very import ant role in securing activists and human rights defenders and increasing t he efficiency of their work while they use the internet. However\, a lot o f the time\, face-to-face security training is hard to organise\, conduct and follow-up post training.\n\nOver the last several years\, we have see n a variety of community developed toolkits\, guides and other resources t hat help aid security trainers educating the human rights community on how to protect themselves and their peers from the multiple threats they face .\n\nAs technology rapidly evolves\, the digital threat landscape evolves with it. Digital security tools and tactics go outdated pretty quickly and it is becoming extremely important to create new sustainable approaches t o help human rights defenders stay updated with the latest\, efficient way s to improve their defense and minimise these threats.\n\nSome newer initi atives such as https://advocacyassembly.org/ and https://totem-project.org are trying to improve the efficiency of online learning by applying some of the best practices from traditional forms of online education such as M OOCs(massive open online course) and interactive testing methods to digita l security training aimed towards the activist community.\n\nThis session aims to engage with rights activists\, digital security trainers and othe r thought leaders from the community to discuss and help develop the futur e of digital security training for HRDs\, with focus on offline and online methods/techniques that can be combined to create a training environment that encourages better community engagement\, helps build a continuous lea rning environment and increases knowledge retention. LOCATION:Workshop Rooms END:VEVENT BEGIN:VEVENT SUMMARY:Towards more trustworthy systems - or how to learn more about Inte rnet core protocols DTSTART:20170826T163000Z DTEND:20170826T173000Z DTSTAMP:20260417T075715Z UID:15037650-0069-8b1c-c595-2500a48d5b28 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/towards-more-tr ustworthy-systems-or-how-to-learn-more-about-internet-core-protocols/\n\nS peaker(s): hannes\n\nRecorded: Yes\n\nStreamed: Yes\n\nThe number of CVE f or contemporary operating systems is increasing. The code of these system s is getting more and more complex (see e.g. systemd). At the same time\, we contain each service into their own virtual machine (or container in c ase we're low on resources). The question is: do we need a full general purpose operating system for each service?\n\nWe can instead apply softwar e engineering best practises (abstraction and composition)\, and specialis e the operating system at compile time\, composed of a set of libraries. The resulting single purpose virtual machine is roughly two orders of magn itude smaller (by providing the same intended functionality) -- this decre ases the maintenance overhead (why should an authoritative nameserver incl ude an ssl implementation\, which I need to update whenever security advis ories are published for the ssl implementation)\, and reduces the attack s urface.\n\nAdditionally\, instead of using a very low level programming la nguage where everybody can easily make mistakes\, why not use a high level language (reducing the attack vectors)?\n\nI'll introduce MirageOS\, an o perating system based on OCaml\, and give an overview of recent developmen ts: a mechanism for resource sharing\, a DNS recursive resolver\, a major OS release with improved APIs)\, and what still needs work (such as GUI\, more protocols\, ....\n\nWebsites: https://hannes.nqsb.io https://mirage.i o LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:jackline meetup DTSTART:20170826T183000Z DTEND:20170826T193000Z DTSTAMP:20260417T075715Z UID:15037722-0081-33f2-1c30-091d664b29bd DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/jackline-meetup /\n\nSpeaker(s): hannes\n\nRecorded: No\n\nStreamed: No\n\njackline is an xmpp client https://github.com/hannesm/jackline LOCATION:Bar Area END:VEVENT BEGIN:VEVENT SUMMARY:Wisefire Live Set DTSTART:20170826T213000Z DTEND:20170826T223000Z DTSTAMP:20260417T075715Z UID:15037830-0081-1632-a3b0-0037db410db2 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/wisefire-live-s et/\n\nSpeaker(s): BornHack\n\nRecorded: No\n\nStreamed: No\n\nHe like his Chiptune upbeat\, melodic and with a kick to it. Influenced by acid and e lectro\, Wisefire’s message is simple “All I require is that you Dance ”. LOCATION:Bar Area END:VEVENT BEGIN:VEVENT SUMMARY:Qubes User Meetup\, meet\, greet\, workshop\, tips and tricks DTSTART:20170827T103000Z DTEND:20170827T113000Z DTSTAMP:20260417T075715Z UID:15038298-0077-22a4-f09a-bc452477f883 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/qubes-user-meet up-meet-greet-workshop-tips-and-tricks/\n\nSpeaker(s): Kramse\, aka Henrik Kramshøj\n\nRecorded: No\n\nStreamed: No\n\nWe will meetup\, talk about Qubes OS https://www.qubes-os.org/\n\nWe are a group which have moved to u sing Qubes OS as our primary or private laptops\, and we have some experie nces to share.\n\nMaybe we will even have a presentation\n\n\nThis is not an installfest\, but what comes after\, like: How to change Disposable VM settings\, how to add another template for Kali Linux etc. LOCATION:Workshop Rooms END:VEVENT BEGIN:VEVENT SUMMARY:Talla: Implementing Tor in Erlang DTSTART:20170827T103000Z DTEND:20170827T113000Z DTSTAMP:20260417T075715Z UID:15038298-0061-12ea-2d94-468ec34b5a93 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/talla-implement ing-tor-in-erlang/\n\nSpeaker(s): Lasse Grinderslev Andersen\n\nRecorded: Yes\n\nStreamed: Yes\n\nIn this talk I take a dive into Talla\, an Erlang implementation of the Tor protocol. \nI will start with a quick introducti on to the general design principles of both Erlang and Tor and then discus :\n - Erlang specific considerations of implementing the Tor protocol\n - State of progress\n - Present and planned Talla features\n - R oadmap for testing Talla and Tor\n\nNo prior knowledge of Erlang is requir ed for this talk. Knowing a little bit about\nTor is an advantage but not a prequisite for this talk. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Lunch break DTSTART:20170827T113000Z DTEND:20170827T123000Z DTSTAMP:20260417T075715Z UID:15038334-0056-56e6-67fe-a21ad455f98b DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/lunch-break/\n\ nSpeaker(s): \n\nRecorded: No\n\nStreamed: No\n\nLunch break. LOCATION:Food Area END:VEVENT BEGIN:VEVENT SUMMARY:DNS-over-TLS (rfc7858) on UncensoredDNS / CensurFriDNS DTSTART:20170827T123000Z DTEND:20170827T133000Z DTSTAMP:20260417T075715Z UID:15038370-0069-388e-77cd-69c6b4371bfa DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/dns-over-tls-rf c7858-on-uncensoreddnscensurfridns/\n\nSpeaker(s): Thomas Steen Rasmussen\ n\nRecorded: Yes\n\nStreamed: Yes\n\nDNS-over-TLS (rfc7858) is here\, and is supported on UncensoredDNS/CensurFriDNS. Using it will vastly improve y our privacy and security by encrypting and authenticating the vulnerable " last mile" between you and your DNS provider.\n\nI will describe the techn ical details including the TLS privacy profiles defined in the RFC\, serve r setup (Nginx)\, client setup (Stubby (getdns))\, my considerations regar ding anycast key management and distributing public key pinning informatio n.\n\nI will also briefly describe what it entails to run an anycast node for UncensoredDNS\, in case someone in the audience feels like helping out . Finally I will discuss crowd funding possibilities for the project. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:The HTTP GET attack DTSTART:20170827T133000Z DTEND:20170827T143000Z DTSTAMP:20260417T075715Z UID:15038406-0067-57e7-7fdc-bdc6747d885c DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/the-http-get-at tack/\n\nSpeaker(s): Hanno Böck\n\nRecorded: Yes\n\nStreamed: Yes\n\nA su rprisingly simple security vulnerability can have massive implications: Fi les laying around on web servers\, accessible for anyone to download.\n\nG it repositories\, database dumps\, backup files of PHP scripts\, configura tion files with login credentials or core dumps from application crashes - there are various files that end up on webservers. By guessing common fil enames it is very often possible to download secret data from web servers. \n\nLinks\n\n- [zeit.de article](http://www.zeit.de/digital/datenschutz/20 17-07/customer-data-how-2000-unsecured-databases-landed-online)\n- [blog.h boeck.de article](https://blog.hboeck.de/archives/887-Dont-leave-Coredumps -on-Web-Servers.html) LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Linux kernel debugging for sysadmins DTSTART:20170827T143000Z DTEND:20170827T153000Z DTSTAMP:20260417T075715Z UID:15038442-0069-523e-b5dc-403c546718ef DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/linux-kernel-de bugging-for-sysadmins/\n\nSpeaker(s): Minto Joseph\n\nRecorded: No\n\nStre amed: No\n\nA deeper understanding of linux kernel would help sysadmins to debug issues\, tune systems and provide better root cause analysis. This talk would provide insights on investigative methods and tools\, that can be used by Linux Admins to understand a bit more about the systems they ma nage.\n\nTalk will cover following:\n\n* Addressing the issue of "My syste m is not responding !!"\n* Investigative methods that can be used when the system is unavailable.\n* SysRq and Vmcore\n* Identifying and analysing f ollowing issues: \n Panics\n Lockups\n Out of Memory\n hung_task\n Resourc e utilization\n Hardware issues or underlying hypervisor issues.\n* Vmcore analysis demo LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Coreboot - a short introduction DTSTART:20170827T153000Z DTEND:20170827T163000Z DTSTAMP:20260417T075715Z UID:15038478-0061-0376-465f-adbb024ee08a DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/coreboot-a-shor t-introduction/\n\nSpeaker(s): Jurre van Bergen\n\nRecorded: No\n\nStreame d: No\n\nThis is a short introduction into Coreboot and why it's important that we have the possibility to free our BIOS and firmware of our devices . Afterwards we'll do a workshop. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Overview of banking malware as a business DTSTART:20170827T163000Z DTEND:20170827T173000Z DTSTAMP:20260417T075715Z UID:15038514-0061-2192-0eae-4b918e4efb9b DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/overview-of-ban king-malware-as-a-business/\n\nSpeaker(s): Saad Khan\n\nRecorded: Yes\n\nS treamed: Yes\n\nBehind the scenes banking malware is supported by sophisti cated criminal infrastructure consisting of various components. Typically\ , a binary piece of malware is written with all the features that criminal s can use to exploit the victims. The malware is then distributed to victi ms and upon infection\, the malware collects information from victim’s m achine and sends it to CnC servers controlled by the criminals. To receive the victim’s information\, criminals set up their own CnC servers and a n administration panel to monitor the infections and manually control them if needed. The administration panel provides the criminals with a dashboa rd showing a list of infected computers\, their location\, windows version and even the balance of the victim’s bank account. Depending on the mal ware\, the money from the victim’s bank account is then stolen and trans ferred to money mules\, which cash out the stolen money and return it to t he criminals.\n\nThis talk will explain how the banking malware is run fro m the criminal point of view and will also go into detail about the variou s components that are needed to run a ‘successful’ criminal empire. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Coreboot - the workshop! DTSTART:20170827T163000Z DTEND:20170827T183000Z DTSTAMP:20260417T075715Z UID:15038514-0071-0462-3ce9-5029b3440eb7 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/coreboot-the-wo rkshop/\n\nSpeaker(s): Jurre van Bergen\n\nRecorded: No\n\nStreamed: No\n\ nLet's flash some laptops with Coreboot/Libreboot and place a free/open so urce firmware/bios on your machine!\n\nCan help with:\n\n thinkpad x60( s)\n thinkpad x201\n thinkpad x220\n thinkpad x230\n asus chro mebook c201\n\nI'll bring a raspberry pi and a soic-8 clip and jumper cabl es. If you have equipment like this laying around\, please bring some\, th e more clips\, the more liberated laptops! LOCATION:Workshop Rooms END:VEVENT BEGIN:VEVENT SUMMARY:Reproducible Builds DTSTART:20170827T173000Z DTEND:20170827T183000Z DTSTAMP:20260417T075715Z UID:15038550-0061-32fa-2d6c-02e3354618a3 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/reproducible-bu ilds/\n\nSpeaker(s): Holger Levsen\n\nRecorded: Yes\n\nStreamed: Yes\n\nFu ll title: Reproducible Builds - We Made Lots of Progress in Many Places\, But We're Still Far From Our Goals of Changing the (Software) World\n\nRep roducible builds enable everyone to verify that a given binary is made fro m the source it is claimed to be made from\, by enabling anyone to create bit by bit identical binaries.\n\nThis talk will report on the state of re producible builds in various distributions (Debian\, Archlinux\, coreboot\ , F-Droid\, Fedora\, FreeBSD\, Guix\, NetBSD\, OpenWrt\, SuSE\, and Qubes OS - to name a few) and thus should be interesting and insightful for anyo ne working on any free software project.\n\nHolger will explain how he sta rted working on this in the Debian context and how his focus shifted sligh tly over the time. So he will start with explaining the status of Reproduc ible Debian\, but this is quickly followed by an overview of common proble ms and solutions\, followed by a quick explaination of the shared test inf rastructure for reproducible tests of any project. You will learn how the community was broadened\, what future plans we have to address what might be needed beyond being able to reproducible build something\, so this beco mes truly meaningful for users in practice.\n\nIn this talk you will also learn about the challanges we're facing to deliver on the promise. Being a ble to reproducibly build in theory is not enough\, one needs to be able t o do so in practice. And enabling this on a distro scale is much harder th an we thought…\n\nURL: https://reproducible-builds.org LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Hacking with Care DTSTART:20170827T183000Z DTEND:20170827T193000Z DTSTAMP:20260417T075715Z UID:15038586-0061-357e-d575-e597fb464093 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/hacking-with-ca re/\n\nSpeaker(s): Jérémie Zimmermann\n\nRecorded: Yes\n\nStreamed: Yes\ n\nCare for hackers and hacker's ethics for caregivers. Learning\ntechnolo gies to hack our bodies and our minds as major objective for\nour movement s and struggles to come. Towards a strategic alliance\nbetween hackers\, a ctivists and caregivers? LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Pentest and Kali introduction DTSTART:20170828T083000Z DTEND:20170828T123000Z DTSTAMP:20260417T075715Z UID:15039090-0079-194f-0a2b-1aed44415966 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/pentest-and-kal i-introduction/\n\nSpeaker(s): Kramse\, aka Henrik Kramshøj\n\nRecorded: No\n\nStreamed: No\n\nBasic pentesting - An introduction to pentesting wit h Kali.\n\nWe will get you started using Kali\, Nmap and some other basic tools. After this session you will be able to explore pentesting and have fun.\n\nKali is a Linux distribution with several 100s of pentesting and h acking tools. It can be daunting to get started\, so we will give you poin ters like http://sectools.org/ and an idea how to get started. We will als o show wireless scanning with aircrack/airodump. \n\nIf you want to prepar e then buy a cheap wifi USB card like the TP-Link TL-WN722N which is appro x the same price as a big mac menu :-D\n\n4 hours LOCATION:Workshop Rooms END:VEVENT BEGIN:VEVENT SUMMARY:BitcoinCTF III DTSTART:20170828T093000Z DTEND:20170828T103000Z DTSTAMP:20260417T075715Z UID:15039126-0061-3848-5b8c-4df7484a9b9a DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/bitcoinctf-iii/ \n\nSpeaker(s): Luke\n\nRecorded: No\n\nStreamed: No\n\nLuke will talk abo ut BitcoinCTF\, a web-based Capture The Flag (CTF)\ncompetition he recentl y launched for the third time. The talk will cover\ndetails and solutions for a limited set of challenges. He will also discuss\nhis motivations for creating a CTF\, some tips for people looking to run\ntheir own and futur e plans for BitcoinCTF. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Lunch break DTSTART:20170828T103000Z DTEND:20170828T113000Z DTSTAMP:20260417T075715Z UID:15039162-0056-56e6-67fe-a21ad455f98b DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/lunch-break/\n\ nSpeaker(s): \n\nRecorded: No\n\nStreamed: No\n\nLunch break. LOCATION:Food Area END:VEVENT BEGIN:VEVENT SUMMARY:Bornhack CTF Epilogue and Afterparty DTSTART:20170828T113000Z DTEND:20170828T123000Z DTSTAMP:20260417T075715Z UID:15039198-0061-24ee-8f3f-56738145daa1 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/bornhack-ctf-ep ilogue-and-afterparty/\n\nSpeaker(s): BornHack\n\nRecorded: No\n\nStreamed : No\n\nThis talk will feature a dissection of some of the challenges pres ented at this years Bornhack CTF.\nSober people not guaranteed. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:A gentle introduction to property based testing DTSTART:20170828T123000Z DTEND:20170828T133000Z DTSTAMP:20260417T075715Z UID:15039234-0061-07fe-1bbe-c6487c4842ab DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/a-gentle-introd uction-to-property-based-testing/\n\nSpeaker(s): Alexander Færøy\n\nReco rded: Yes\n\nStreamed: Yes\n\nAn introduction to testing various propertie s of your code using the Erlang programing language. We will walk over wha t property based testing is\, why it's useful\, how it relates to more com mon testing techniques. We'll look at using property based testing in Erla ng for testing your C code and stateful code. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:key impressioning workshop DTSTART:20170828T123000Z DTEND:20170828T143000Z DTSTAMP:20260417T075715Z UID:15039234-0071-3698-2b93-c56c06422bb2 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/key-impressioni ng-workshop/\n\nSpeaker(s): BornHack\n\nRecorded: No\n\nStreamed: No\n\nke y impressioning workshop with knud LOCATION:Workshop Rooms END:VEVENT BEGIN:VEVENT SUMMARY:State of the network DTSTART:20170828T133000Z DTEND:20170828T143000Z DTSTAMP:20260417T075715Z UID:15039270-0061-10b0-0b78-8906654b6da8 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/state-of-the-ne twork/\n\nSpeaker(s): Kramse\, aka Henrik Kramshøj\n\nRecorded: No\n\nStr eamed: No\n\nCome and meet the network team who will talk about the design and operation of the network at BornHack. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:meeting: Open CYBERtable DTSTART:20170828T143000Z DTEND:20170828T153000Z DTSTAMP:20260417T075715Z UID:15039306-0061-3467-bb15-df5d8f43ba8d DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/meeting-open-cy bertable/\n\nSpeaker(s): klondike\n\nRecorded: No\n\nStreamed: No\n\nDo yo u have an interest in computer or network security but you need help estab lishing grounds? Or you feel like a pro h4x0r that could teach over 9000 n ewbies? Come in\, ask questions give answers and learn!\n\n#NetworkSecurit y #Training\n\nThe open CYBERtable is intended as a lightly moderated meet ing to pass on knowledge to the next generation of hackers. The activity c onsists on sitting around in a circle like shape so that all can see all a nd keep a distended talk about security topics where all participants can put new questions on discussions.\n\nThe rules that participants are expec ted to follow are:\n* Respect each other.\n* Don't interrupt the one speak ing.\n* No question is stupid enough.\n* If you have something to share on the current topic\, go ahead!\n\nThe whole idea is creating a friendly en vironment where hackers with more experience can share their knowledge wit h those that are starting or less experienced. As with any learning experi ence\, this usually has positive effects for both\, experienced hackers ca n see their own knowledge challenged by the questions those forcing themse lves to explore it in depth reinforcing it\, they may also learn new point s of views and topics that they may not have discovered otherwise. On the other hand\, the ones that are starting will get a lot of new knowledge an d focused answers to their questions that can help them in becoming better hackers in the future. LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Scavenger hunt epilogue DTSTART:20170828T153000Z DTEND:20170828T163000Z DTSTAMP:20260417T075715Z UID:15039342-0061-37d3-104a-f05688465982 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/scavenger-hunt- epilogue/\n\nSpeaker(s): BornHack\n\nRecorded: No\n\nStreamed: No\n\nCome by and figure out the winner of the scavenger hunt! LOCATION:Speakers Tent END:VEVENT BEGIN:VEVENT SUMMARY:Goodbye World DTSTART:20170828T163000Z DTEND:20170828T173000Z DTSTAMP:20260417T075715Z UID:15039378-0067-3a39-091d-d2bd449e5879 DESCRIPTION:URL: https://bornhack.dk/bornhack-2017/program/goodbye-world/\ n\nSpeaker(s): BornHack\n\nRecorded: No\n\nStreamed: No\n\nBornHack is alm ost over at this point. We would like to say farewell for now and see you again at the next event.\n\nWe will walk over what we believe has worked a nd what we believe should change the next event. This is an excellent oppo rtunity to submit ideas for BornHack 2018 while the memories are still fre sh. LOCATION:Speakers Tent END:VEVENT END:VCALENDAR