CampZer0, the first zeroth H.A.C.K. camp
Talks
All videos are mirrored at cryptohub and jmt.gr as well, thanks to DrWhax and Jomat, respectively. If you'd like to watch all the videos, there's a YouTube playlist; for downloading all videos in MKV format in a fast and robust way, we have a Metalink (v3) (recommended client: aria2).
-
A security review of open source whistleblowing platforms (DrWhax) • presentation slides • video on YouTube (download in MKV)
Since Wikileaks released the diplomatic cables in late 2010, many have tried to build open source whistleblowing platforms. Two notable platforms are Globaleaks from the Hermes center and deaddrop from the late Aaron Swartz. This talk will provide a security review of both platforms and list what should be improved, how it can be improved and what you should use right now.
-
GSM - have we overslept the last wake-up call? (Domonkos Tomcsányi) • presentation slides • video on YouTube (download in MKV)
GSM is practically broken since January, 2011. I will never forget that day when Karsten Nohl and Sylvain Munaut held their presentation at 27c3 showing how an attacker can use inexpensive equipment and open-source software to sniff a phone call, crack the key, and listen to the conversation. I have been dreaming about doing something similar with GSM ever since. However, my dream never became reality because none of the code was released (which is totally understandable of course). But the situation of GSM security changed lately (with the introduction of a new player: RTL-SDR), so I am quite happy to announce that I now have the possibility to bring GSM closer to people. And by people I mean everyone who is curious about this topic, script kiddies as well as professionals. Why? Because I think GSM needs to be patched and the only way to achieve this is through disclosure. People need to get their hands "dirty" on GSM so we as a whole community can push mobile network operators to implement security enhancements in their own networks as it happened with WEP and IEEE.
Naturally I am not going to present a full GSM-sniffing attack (mainly because of the limitations of the code I'm using), but I will present a partial GSM-sniffing attack only using very cheap hardware (<15 USD) and open-source tools. I am planning to do a workshop-presentation mixture (I will walk you through step by step, so anyone who would like to follow along could do it easily). The only hardware requirement is an RTL-SDR stick. For software: GnuRadio naturally and airprobe.
-
How to abuse high-profile APT malware components - reconfiguration of Duqu, Flame and MiniFlame (Boldizsár Bencsáth, CrySys lab) • presentation slides (PowerPoint format, PDF version) • video on YouTube (download in MKV)
In my talk, I'll share some insight about the possibility of reusing high-profile APT modules, namely, parts of Duqu, Flame and MiniFlame. A "what if" scenario will be discussed, to find out how easy it is to reuse components of known malware by adversaries and to show the plausibility of victims successfully deploying a counterattack based on their observations on targeted attacks against them.
-
Post-Snowden Crypto (Stef) • presentation slides (TOR onion link, local mirror) • video on YouTube (download in MKV)
The evidence of the unexpected scale of global surveillance by the western agencies introduces a new more powerful adversary into the classical crypto threat model where the adversary is mostly pictured as "Mallory". Let's reassess existing crypto tools and make a plan how to readjust.
The talk will address existing tools, crypto protocols like TOR, PGP, OTR and will probably wander off into a wild brainstorming of other existing solutions and exciting protocols. This will be interesting for the applied cryptographers, the happy hacker and the concerned citizen as well.
-
Why and how you should build and run your own Internet Access Provider, or at least try (Julien Rabier aka taziden, free software and Internet lover, Co-founder of a non-profit and local ISP in France, Ilico; also vice-president of FFDN, a federation of non-profit ISPs.) • presentation slides • video on YouTube (download in MKV)
Building and running an ISP is not that difficult. It's hard to say how many people are connected to the Internet by such weird structures, but we know that they are more and more each day. What is at stake is taking back the control of the Internet infrastructure and showing that a neutral Internet access is natural.
-
Abusing the IPC of Android apps for fun and profit (András Veres-Szentkirályi, Silent Signal) • presentation slides • video on YouTube (download in MKV)
Besides isolating applications from the system and each other, Android provides standardized methods for apps to share data with each other in a secure manner. However, incompetence and/or ignorance can lead to insecurity, and many applications expose more than the authors intended. In my talk, I'll present three case studies, covering the Seesmic social media application, the MWR BSides Challenge application and an unnamed e-mail application, the latter remaining unidentified as the vendor is in the process of fixing the vulnerability. The talk will begin with an introduction of the context, so no Android development experience is needed; furthermore, participation is highly recommended for anyone involved in Android application development.
-
Cyberterrorism hype or how we pay our governments to reduce our privacy (Wilder) • presentation slides • video on YouTube (download in MKV)
"IT security from the point of view of economical pragmatic" with the goal to refute the myth that governments are able effectively to fight against cyber-crime (e.g. using PRISM) and the myth that increasing government regulation and legislation can actually increase the privacy of citizens. I will also analyze if there should be something like "guaranteed right to digital privacy" or not.
-
We won the war (maybe) – managing the transition (Andy / CCC) • video on YouTube (download in MKV)
Header image is On Trooidos (1900), licensed under CC-BY-SA 2.5.