HACKER DOUBLE SUMMER 2022 GUIDES — Part Five: A New HOPE (HACKERS ON PLANET EARTH)

DCG 201
66 min readJul 16, 2022

Welcome to the DCG 201 guide to Hacker Double Summer! This is part of a series where we are going to cover all the various hacker conventions and shenanigans at the start of July to the end of August both In Person & Digital! 2022 is a GIGANTIC year for hacker hysteria with so many events this will break the most guides we have ever written with the lucky number 13 as the goal. As more blog posts are uploaded, you will be able to jump through the guide via these links:

HACKER DOUBLE SUMMER — Part One: Surviving Las Vegas, New York & Virtually Anywhere

HACKER DOUBLE SUMMER — Part Two: Capture The Flags & MLH INIT Hackathon

HACKER DOUBLE SUMMER — Part Three: SummerC0n

HACKER DOUBLE SUMMER — Part Four: ToorCamp

HACKER DOUBLE SUMMER — Part Five: A New HOPE (HACKERS ON PLANET EARTH)

HACKER DOUBLE SUMMER — Part Six: SCaLE 19X

HACKER DOUBLE SUMMER — Part Seven: Back2Vegas by RingZero

HACKER DOUBLE SUMMER — Part Eight: BSides Las Vegas

HACKER DOUBLE SUMMER — Part Nine: Black Hat USA

HACKER DOUBLE SUMMER — Part Ten: The Diana Initiative

HACKER DOUBLE SUMMER — Part Eleven: USENIX + SOUPS

HACKER DOUBLE SUMMER — Part Twelve: DEFCON 30

HACKER DOUBLE SUMMER — Part Thirteen: Wiki World’s Fair

HACKER DOUBLE SUMMER — Part Fourteen: Blue Team Con

HACKER DOUBLE SUMMER — Part Fifteen: SIGS, EVENTS & PARTIES IN LAS VEGAS

A New HOPE (Hackers On Planet Earth)

Date & Time: Friday, July 22th (10:00 AM EST) — Sunday, July 24th (7:00PM EST) EST)

Location: St. John’s University (8000 Utopia Pkwy, Queens, NY 11439)

Website: https://www.hope.net/

Tickets (Until July 15th):

(IN-PERSON) https://store.2600.com/products/tickets-to-a-new-hope (VIRTUAL) https://store.2600.com/products/tickets-to-a-new-hope-virtual-attendee

Virtual Platform(s): TBA

Schedule: https://scheduler.hope.net/new-hope/schedule/

Live Streams: YouTube

DAC 206: https://www.youtube.com/watch?v=akpBMlYbdQw

DAC 416ABC: https://www.youtube.com/watch?v=OQVElKl5X4I

Little Theater: https://www.youtube.com/watch?v=YeeRDsDK2Nc

Virtual Chat: Matrix: https://element.hope.net/

Affordability: In-Person Tickets will be sold for $200 online. After July 15th online sales will end, there will be NO TICKETS SOLD AT THE DOOR! Virtual Tickets are $99.

Code Of Conduct: https://www.hope.net/codeofconduct.html

The Hackers on Planet Earth (HOPE) conference series is a hacker convention sponsored by the security hacker magazine 2600: The Hacker Quarterly that until 2020 was typically held at Hotel Pennsylvania, in Manhattan, New York City. Occurring biennially in the summer, there have been twelve conferences to date with the most recent occurring 20–23 July 2018.

A New HOPE will be a transformational conference for the hacker community — in so many ways. We’ve all been through a lot, and it’s been challenging. It is a time to come together again to inspire, transform, and share HOPE.

A New HOPE will be live and in person, and at a great new venue. St. John’s University has more space, more possibilities, and offers us much more support for HOPE far into the future.

We will miss our old long-time home, the Hotel Pennsylvania, which is, sadly, being demolished. But we are now ready for our next chapter. We hope you’ll join us for this this exciting bit of history as we create A New HOPE together.

This is where many at DCG 201 got their start after following the local NYC 2600 meetings. Most of our friends from New Jersey and New York City are involved in this convention, and we have many fond (and not so fond memories) from the original bed-bug infested roof partying Club Mate drinking Hotel Penn. Focused more on the hacker community and hacktivism, HOPE is a huge staple for us at DCG 201 and hackers from around the world as there is no convention that is quite like it.

COVID-19 Safety

All in-person attendees for A New HOPE need to be vaccinated against COVID-19. Attendees will show proof of vaccination upon check-in. This will be separate from registration and we will NOT save that information. (This allows you to attend the conference under an alias while filling the above requirement.)

All attendees will be required to wear a mask indoors at St. John’s University throughout A New HOPE.

EMERGENCY NUMBERS IN NEW YORK CITY

Department of Health and Mental Hygiene (DOHMH) Bureau of Communicable Disease: 866–692–3641

Emergency Preparedness Mental and Behavioral Health & NYC Well: 888-NYC-WELL or 888–692–9355

Poison Control Center (24/7): 212-POISONS or 212–764–7667

Department of Homeless Services: 212–361–8000

Emergency Management: 718–422–8700

Emergency Medical Services: 718–999–2770

Fire Department (FDNY): 718–999–2000

Bronx: 718–999–3333

Brooklyn: 718–999–4444

Manhattan: 212–999–2222

Queens: 718–999–5555

Staten Island: 718–999–6666

Hospital Preparedness Program Office of the Chief Medical Examiner: 212–447–2030

Terrorism Hotline: 888-NYC-SAFE or 888–692–7233

A New HOPE Schedule App:

ANDROID: https://play.google.com/store/apps/details?id=info.metadude.android.hope.schedule

F-Droid: https://f-droid.org/packages/info.metadude.android.hope.schedule

Ticket & Registration Information

Your first stop will be the proof of vaccination location, just outside the D’Angelo building, #12 on the campus map. This is a large building with a carillon on top, around 150 yards from the parking garage.

Once your proof of vaccination has been verified by volunteer staff against your ID, you will go inside to the registration desk where you will show your QR code and get your attendee badge.

Your badge is for all three days of A New HOPE — don’t lose it!

Registration Hours

Thursday, July 21: 4:00 PM — 8:00 PM

Friday & Saturday, July 22–23: 8:30 AM — 10:00 PM

Sunday, July 24: 9:30 AM — 2:00 PM

DCG 201 @ A NEW HOPE

We at DCG 201 will be joining our neighbors across the river (and two major NYC districts while slowly melting on the E/J Train) to attend A New HOPE! A ton of activities, live streams, talks and workshops will take place by us! If you see any of us like our Co-Founder Sidepocket, make sure to say hi!

PEnnsylvania 6–5000: A Hacker Farewell to the Hotel Pennsylvania

2022–07–23, 11:00 PM (US/Eastern), 206 DAC

The modern public knew it as the Hotel Pennsylvania. The many people who booked rooms there knew it as the dirty decaying building where they got bedbugs that one time. Throughout history it was known as the The Statler Hilton, The New York Statler, and the New York Penta. But to mischievous hackers every two years in New York City, it was simply known as home. This talk will be a dissection of HOPE’s former abode as its strange history is examined. Secrets that never saw the light of day until now will be revealed and hacker stories that live in the hard drive of our minds will be shared. Attendees can also come up to the mic and share their stories, grievances, fairy tales, myths, epic yarns, and shocking truths about their own Hotel Penn memories committed to hacker record.

Sidepocket (@defcon201nj) is a co-founder of DCG 201, an open group for hacker workshop projects in northeast New Jersey, overly motivated to help people get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, TOOOL, Museum of Urban Reclaim Spaces, and The Yes Men.

Xio (@XioNYC) is a long-time institution of NYC2600 and has accumulated decades of knowledge of the communication arts, from pre-production to finished product. A three-time HOPE conference lecturer, he passes along his wisdom for hacking, accessibility, philosophy, and getting by on minimal budgets. 12h 24m 09.927(9) -40°41'29.7(3)

DCG 201 LIVE STREAMS

NOTE: Dates & Times of LIVE Streams might change leading up to and/or during the convention. This page will be updated to reflect that and follow our social media for up to date notices.

DCG 201 Special — A New HOPE 2022 — The Master Of Unlocking

Saturday, July 23rd 7:00 PM— 10:30 PM EST

On this special episode of The Master Of Unlocking, DCG 201 Co-Founder & TOOOL Member Sidepocket will sit down with attendees at A New HOPE (HACKERS ON PLANT EARTH) as he mentors them with lockpicking, decording & bypassing techniques.

If you are attending A New HOPE we will be streaming from the Lockpicking Village. In leau of the village being not accessible we will announce an alternative location the day of!

DCG 201 Special — A New HOPE 2022 — Crypto Barons

Friday July 22nd 5:00 PM— 7:00 PM EST

On this special episode of Crypto Barons, DCG 201 Co-Founder & TOOOL Member Sidepocket attends A New HOPEin Queens NY to talk to various cryptographic & privacy experts on the use of cryptocurrency & blockchain technology!

DCG 201 Special — A New HOPE 2022 — Circuit Breakers

Sunday July 24th 1:00 PM— 3:00 PM EST

All LIVE Streams we will be raising funds for various for various Pro-Abortion Organizations such as the National Abortion Federation, The National Network for Abortion Funds & Medical Students for Choice!

ABOUT THE NATIONAL ABORTION FEDERATION

The National Abortion Federation (NAF) is the professional association of abortion providers. We unite, represent, serve, and support abortion providers in delivering patient-centered, evidence-based care.

ABOUT THE NATIONAL NETWORK OF ABORTION FUNDS

The National Network of Abortion Funds builds power with members to remove financial and logistical barriers to abortion access by centering people who have abortions and organizing at the intersections of racial, economic, and reproductive justice.

ABOUT MEDICAL STUDENTS FOR CHOICE

Founded by medical students in 1993 as a response to the almost complete deficit of abortion education in their medical training, Medical Students for Choice (a 501©3 non-profit) has filled a unique niche in the abortion rights movement. We work to ensure that medical students and trainees are educated about all aspects of reproductive health care, including abortion.

ABOUT SAINT JOHN’S UNIVERSITY QUEENS CAMPUS

St. John’s University is a private Roman Catholic higher education institution in Queens, New York City. It was founded in 1870 by the Congregation of the Mission (C.M., the Vincentian Fathers) with a mission to provide a growing immigrant population with quality higher education. Originally located in the Brooklyn borough of New York City, the flagship campus was moved to its current location in the Queens borough during the 1950s. As of 2020, St. John’s alumni total more than 190,000 worldwide.

NYC Travel & Queens Hotels

Once you’ve arrived in New York City, here are some transit suggestions for getting to the St. John’s campus. You can also find suggestions and specific time information at https://tripplanner.mta.info.

Offline NYC MTA Subway Map for Android: https://play.google.com/store/apps/details?id=com.thryvinc.nycmap&gl=US

Offline NYC MTA Subway Map for iOS: https://apps.apple.com/us/app/new-york-city-subway-map/id683294660?ign-mpt=uo%3D8

One ride on a subway or local bus is $2.75 (transfers are free between modes of transit). 7-day unlimited MetroCards, as well as pay-per-ride options, are available; a $1 surcharge also applies for getting a new MetroCard. MetroCard vending machines are available at subway stations and transit hubs, but not at bus stops. All buses and subway entrances are also equipped with OMNY readers, which will allow you to use a contactless credit or debit card for your fare. If you do not want to leave a digital trail of your travels, we suggest you purchase a MetroCard with cash or coins. Learn more about buying MetroCards at https://new.mta.info/fares/where-to-buy-a-metrocard.

VIA MTA LOCAL TRANSIT

(You will need a MetroCard to ride the MTA. One ride on a subway or local bus is $2.75. 7-day unlimited cards ($33), as well as pay-per-ride options, are available; a $1 surcharge also applies for getting a new MetroCard. MetroCard vending machines are available at subway stations and transit hubs, but not at bus stops.)

Take the E or F train to Kew Gardens — Union Turnpike.

Exit the train at Queens Boulevard/78th Avenue, on the north side of Queens Boulevard. (This will be at the back of the train if you’re coming from Manhattan or Brooklyn.)

The Q46 bus line begins here, and runs between every 6 and every 10 minutes.

Get off the bus at Union Turnpike and 175th Street and enter the St. John’s campus.

VIA MTA EXPRESS BUS

(You will need a MetroCard to ride the MTA. 7-day unlimited options, as well as pay-per-ride options, are available; a $1 surcharge also applies for getting a new MetroCard. MetroCard vending machines are available at subway stations and transit hubs, but not at bus stops. If you plan on utilizing the Express Bus option, one ride is $6.75. You can also purchase a 7-day unlimited MetroCard with Express Bus availability for $62.)

Express buses run from Midtown Manhattan directly to Queens. The QM5 and QM6 (https://new.mta.info/document/14376) run hourly on weekends; exit the bus at 168th Street and Union Turnpike, and walk up to 173rd Street and enter the St. John’s campus.

VIA LONG ISLAND RAILROAD (LIRR)

(Long Island Railroad tickets are available for purchase at LIRR stops, including Penn Station. They may be purchased in conjunction with MetroCards at marked kiosks. You will need a MetroCard to get on the local bus.)

Take any LIRR train to Jamaica. (This is a major hub; all lines will stop here.) Exit the train station and board the Q30 or Q31 bus. Get off the bus at Utopia Parkway and Kildare Road and enter the St. John’s campus.

VIA CAR (ALSO DIRECTIONS FOR LYFT, UBER, ETC.)

The official street address for St. John’s University is 8000 Utopia Parkway, Jamaica, NY 11439. Secure garage parking is readily available on campus!

One of the new features of A New HOPE is the range of places to stay.

Your options include:

  1. On-campus housing at St. John’s (student dormitories, registration deadline is July 15) https://stj.formstack.com/forms/2022_hope_convention
  2. (Sorry! These group rates are sold out) Off-campus hotels nearby with our group rate. The Q30 bus provides a direct link. There are plenty of restaurants within walking distance of this hotel — and The Emerald Pub, a classic dive bar, is right next door and open way late.

Hotels near both JFK and LaGuardia airports:

Anywhere else in the city!

Getting to St. John’s is easy — visit the travel page for more information — and there may be options for shuttles between the hotels and campus.

Before you decide where to stay, there are certain considerations you should think about. The university has its own rules — particularly around housing — that will affect our participants. The rules are not ours, but participants must keep them in mind. We cannot change these rules — we did not create them, we may not agree with them, but they are the rules of the venue. We also realize that as hackers, one of our impulses is to push boundaries and test limits. We ask in the strongest terms possible that the policies around housing at St. John’s not be the boundaries you test at HOPE, not least because we want to be allowed to continue hosting our conference here.

Wherever you stay — on- or off-campus — you will not need to bring bedding. Both on-campus and at the hotels, the cost of your room includes breakfast each morning of your stay.

Are you coming to HOPE with a partner, spouse, or children who are of another gender than yourself? You should stay in one of the off-campus venues. Regardless of marital status, age, or family relationship, St. John’s will not allow participants of different genders to share a room in the dormitories.

Are you comfortable sleeping in a single bed? Stay on-campus!

Are you comfortable sharing a suite (common areas and bathrooms) with people whom you may not know? Stay on-campus!

On-campus rooming assignments are being made by the St. John’s staff. HOPE staff cannot affect any changes in room assignments. If you and a friend mutually request each other to share a double, you will more than likely be roomed together; however, the makeup of the rooms in a suite will be more at random.

Note: ALL PRICES shown on the St. John’s University page for booking On-campus housing are PER PERSON. To book a Double occupancy room, both people must book separately — and after booking both people must reply to the confirmation email you will receive and state the name of the person you want to be rooming with. Please note that the differences between the per-person price between Single occupancy and Double occupancy room are only about $10 per person per night (plus tax).

  • Single occupancy room means a dorm room with one single bed.
  • Double occupancy room means a dorm room with two single beds.

All dorm rooms at St. John’s are clustered in suites of 4 rooms, with two shared bathrooms.

Will you want to leave the conference for a brief time to go take a shower in the middle of the day? Consider staying on campus! Those staying on campus will receive a dormitory ID; people without dormitory IDs will not be allowed into the residence halls. St. John’s staff will be checking IDs at the dormitory entrances.

Alcohol is not permitted in the dormitories. (This one’s hard, and we don’t like it any more than you do.)

When registering for housing on-campus, you will have to choose to identify as male or female. If you do not identify as exclusively male or female, and/or are not comfortable choosing one of those options when registering, your best option is to stay off-campus.

OH NOM NOM NOM NOM!

The conference does not sell food or provide meals, but St. John’s will be providing food options in the D’Angelo building 3rd level. Plans include Starbucks (Fri 11:00 AM — 8:00 PM, Sat 9:00 AM — 8:00 PMand Sun 9:00 AM — 4:00 PM) and food and drink concessions (Fri 6:00 PM-10:00 PM Sat 11:00 — 10:00 PM).

Affordable Food Options: https://www.tripadvisor.com/Restaurants-g616325-c10646-Queens_New_York.html

A NEW HOPE KEYNOTES

Q&A with Sophie Zhang

2022–07–23, 14:00–14:50 (US/Eastern), 416 DAC

Facebook whistleblower Sophie Zhang will share insights, in discussion with Yan Zhu.

Sophie became a whistleblower after spending two years and eight months at Facebook, personally catching two national governments using the service to manipulate their citizens, and also revealing some troubling decisions made by Facebook. In addition to this discussion with Sophie, Yan also ran the Q&A with Chelsea Manning at The Circle of HOPE in 2018.

Yan Zhu has been the chief information security officer at Brave Software, creators of Brave Browser, since 2015. Prior to Brave, Yan was a senior security engineer at Yahoo, working on end-to-end email encryption, and a staff technologist at the Electronic Frontier Foundation, where she worked on open source projects such as HTTPS Everywhere and Let’s Encrypt. She has also served on the W3C Technical Architecture Group and DEF CON talks review board.

Sophie Zhang became a whistleblower after spending two years and eight months at Facebook failing to fix the company from within. She personally caught two national governments using Facebook to manipulate their own citizenry, while also revealing concerning decisions made by Facebook regarding inauthenticity in Indian and U.S. politics. Formerly a data scientist, she currently stays home to pet her cats.

Keynote Simulcast for Q&A with Sophie Zhang

2022–07–23, 14:00–15:50 (US/Eastern), Little Theatre

Remote viewing of the Q&A with Sophie Zhang. Attendees will be able to send questions via live chat.

Seize the Means of Computation: How Interoperability Can Take the Internet Back From Big Tech

2022–07–24, 16:00–16:50 (US/Eastern), 416 DAC

This is a talk for people who want to destroy Big Tech. It’s not a talks for people who want to tame Big Tech. There’s no fixing Big Tech. It’s not a talk for people who want to get rid of technology itself. Technology isn’t the problem. Stop thinking about what technology does and start thinking about who technology does it to and who it does it for. This is a talk about the thing Big Tech fears the most: technology operated by and for the people who use it.

Cory Doctorow (@doctorow) (craphound.com) is a science fiction author, activist and journalist. He is the author of many books, most recently Radicalized and Walkaway (science fiction for adults), How to Destroy Surveillance Capitalism (nonfiction about monopoly and conspiracy), In Real Life (a graphic novel), and the picture book Poesy the Monster Slayer. His latest book is Attack Surface, a standalone adult sequel to Little Brother. His next nonfiction book is Chokepoint Capitalism with Rebecca Giblin, about monopoly and fairness in the creative arts labor market (Beacon Press, 2022). In 2020, he was inducted into the Canadian Science Fiction and Fantasy Hall of Fame.

A New HOPE Capture the Flag

DiceCTF — Come participate in a capture-the-flag competition organized by
DiceGang! Open to all skill levels; challenges will range from easy to hard.
Learn the basics of binary exploitation, reverse engineering, web hacking, and
cryptography with some hands-on challenges. Team up with friends to compete for
prizes!

The competition will run throughout the conference and you can
participate in-person or online.

AIot Village

2022–07–22, 17:00–23:00 (US/Eastern), Other

AIoT enthusiasts and tinkerers, makers explore 3d printing, quadcopters,
dancing robots, Raspberry Pi’s, and more…

Run inference with darknet and yolov3 (tiny yolo too). This village is a
tinkerspace for people interested in aiot, 3d printing, electronics.

Discussions about privacy, ethics and counter surveillance are welcome.

Visit raspberry pi, pico, pi0, and other small boards workstations.

We will show you how to perform some Hands-On object and face recognition
using different networks like tensorflow or with smaller boards tflite.

We have a wearables sample and just a wide variety of workstations
to explore!

HACK THE PLANET!

Hack the Planet is set in an alternate universe that is not too far off from our own. Make sure your hardware is powerful enough and your hacking skills are up to snuff. Don’t forget that you will also need some social engineering and physical penetration tools to move about freely in real life (IRL). The more 1337 you get the more HEAT you may attract from local, national and global forces, be careful!

Play test the game at A New HOPE, get cool merch!

CONCERTS & ACTIVITIES

Masking Threshold

2022–07–22, 21:00–21:50 (US/Eastern), Little Theatre

Conducting a series of experiments in his makeshift home-lab, a skeptic IT worker tries to cure his harrowing hearing impairment. But where will his research lead him? Masking Threshold combines a chamber play, a scientific procedural, an unpacking video, and a DIY YouTube channel while suggesting endless vistas of existential pain and decay. Glimpse the world of the nameless protagonist in this eldritch tale, which is by no means for the faint of heart.

A discussion and Q&A with the filmmaker will follow.

Cole Fortier Plays Piano

2022–07–23, 17:00–20:00 (US/Eastern), Other

Through piano and vocals, Cole Fortier will perform three different setlists showcasing his diverse musical interests and abilities. Two of the sets will feature covers of famous soulful songs from the 60’s, 70’s, and 80’s. These sets will also blend together his own original music. His music fits within the pop/soul/soft rock stylings of the covers while also incorporating influences of theatre, jazz, and classical music. One of his three sets will showcase an epic extended instrumental piano improvisation!

Irradiant Waves Program

2022–07–22, 11:00–13:00 (US/Eastern), Other

2022–07–22, 16:00–19:00 (US/Eastern), Other

2022–07–23, 11:00–13:00 (US/Eastern), Other

2022–07–23, 16:00–19:00 (US/Eastern), Other

2022–07–24, 11:00–13:00 (US/Eastern), Other

2022–07–24, 15:00–18:00 (US/Eastern), Other

“Irradiant Waves: Tracing Neighborhoods in the Sky” is a transmission art installation designed to evoke New York City’s vibrant and transgressive unlicensed FM radio soundscape in a contained space. Often called pirates for using radio spectrum without a government approved license, these underground stations are a grassroots phenomenon going back over 25 years.

They serve mainly West Indian and Latino/a neighborhoods with news and cultural content from their respective countries of origin as well as crucial information on negotiating life in a new land. By broadcasting illegally through the unseen cracks of the radio dial, these stations push back against a dense thicket of regulations, political barriers and high costs that keep these economically marginalized groups from accessing the airwaves legally. The willingness of the stations’ operators to risk fines and arrest to broadcast on radio amid the conveniences of the digital age reflects historic cultural ties to receiving information via radio in their communities and the freedom of not having to pay for subscriptions and data usage.

“Irradiant Waves” will rebroadcast recorded content from pirate radio stations and will act as a walk-through ionosphere where invisible clouds of signals correspond to the locations of New York City’s pirate radio neighbor-hoods detectable only by radio. The space will be divided into six transmission zones representing the neighborhoods where pirate radio activity is high: the Bronx, Brooklyn, Queens, and across the Hudson in the working class towns of New Jersey. Each zone will contain a radio station consisting of a low power FM transmitter, antenna, and audio playback.

On-site listeners will be able to tune in using portable radios and headsets, allowing them to trace the signals through the diverse neighborhoods as they walk between the zones. The mass of overlapping and shifting signals is intended to convey the ebb and flow of sonic culture hovering over the city and demonstrate how illicit radio waves can overcome legal, political, economic and geographical barriers.

Hacker Karaoke

2022–07–22, 22:10–23:00 (US/Eastern), 416 DAC

This is Karaoke with a hacker theme! Participants will give a live performance consisting of hacker-oriented lyrics, set to a song from a standard Karaoke library playlist.Visuals, backup singers, and costumes are welcome but not required. A panel of judges will award points for:

  • Lyrics (hacker-oriented topic, lyrical quality, originality…)
  • Performance (energy, flair, dance moves, diction…)
  • Visuals (optional backing video, costumes, backup performers…)

Winners will be given recognition, bragging rights, and perhaps a prize. Songs should be under approximately 3 minutes. Sign-ups will open at the start of HOPE.

Tilted Axes

2022–07–22, 21:00–22:00 (US/Eastern), Other

Music for Mobile Electric Guitars is an ensemble of guitarists and percussionists led by composer and performer Patrick Grant. The musicians perform original music untethered via portable mini-amps strapped over their shoulders. The project takes on aspects of spectacle informed by the tradition of urban street bands, avant-garde theater, and ancient music. It takes music out into the world and seeks transformative situations meant to change the community conversation.

Ohm-I

2022–07–22, 23:00–00:00 (US/Eastern), 416 DAC

nerdcore rap

Frae-Frae

2022–07–23, 00:00–01:00 (US/Eastern), 416 DAC

A electronic that will travel trough sounds of prayer, protest, and peace.

Autumn Ate Everything

2022–07–23, 01:00–02:00 (US/Eastern), 416 DAC

is a collection of creative performance projects that involve everything from hardware building to immersive Minecraft world building. At the core of the project is a system of expressive live-looping that I have been building since 2011.

casualFriday DJ Set

2022–07–23, 02:00–03:00 (US/Eastern), 416 DAC

High energy mix of 90s/2000s throwback electronica with a few originals. Vibe like you just watched Hackers and stayed up all night in IRC.

Hackers Got Talent

2022–07–23, 21:00–21:50 (US/Eastern), 416 DAC

Do you have a cool talent or hack? Here’s your chance to present it onstage to a large audience of enthusiastic hackers, hosted once again by hacker archivist Jason Scott. Onstage hacks will be judged by a combination of panelists and audience. First place wins a valuable prize!

Hacks Poetic

2022–07–23, 22:50–23:40 (US/Eastern), 416 DAC

A Showcase and Open Stage!

Hacks Poetic — Join Kirby Stasyna for the debut edition of Hacks Poetic, an hour long poetry showcase and open mic. Listen to the literary stylings of your fellow attendees or write something and get up on the mic yourself.

RADIO WONDERLAND

2022–07–23, 23:40–00:40 (US/Eastern), 416 DAC

RADIO WONDERLAND pulverizes mass media into little bits that dance. Live commercial radio becomes recombinant funk, controlled by old shoes I hit with sticks (I’m a drummer) and a steering wheel (I’m a, er, wheel player).
All the sounds originate from an old boombox, playing radio LIVE. Nothing is pre-recorded. All the processing is live, though my custom MaxMSP code. But I hardly touch the laptop. My controllers really are an old Buick vintage steering wheel, four shoes on stands, and some gizmos. You’ll hear me build grooves, step by step, out of recognizable radio, and even un-wind my grooves back to the original radio source.
I walk on with a boom box, tuned to FM. I plug it into my system and start slicing. I arrange those slices both rhythmically, and, by simple transposition, melodically too. I call this process the RE-SHUFFLER. Another algorithm, my RE-ESSER, isolates sibilance, so I can compose on the spot with those S, T, K, Sh, etc. sounds, like programming a drum machine. The ANYTHING-KICK uses FFT-based convolution to morph a bit of radio in the direction of a kick drum.
The sum is live dance music made performative by shoes, wheel — and myself.
So what’s it all about? Code can subvert commercial media and interrogate the never-ending flow. So my transformations, taken individually, must be clear and simple — mostly framing, repeating and changing pitch — although when everything is put together the whole is indeed complex. My controllers are simple too: the wheel merely a knob to take things up and down (frequency, tempo) or play radio loops like a turntable, the shoes just pads I hit softer or louder. The surreal quality of using such ordinary objects underscores the absurd disconnect usually found between digital controller and sound, as well as the congenial nature of the aural transformations themselves. So, too, my riffs must be vernacular and not elite. (We need the funk.)

Corset Lore

2022–07–24, 00:40–01:30 (US/Eastern), 416 DAC

Corset Lore is the Brooklyn-based, electronic music project of Asian-American composer/musician, Tamara Yadao. She writes electronic, avant-pop in a lyrical and baroque style using vintage Game Boys, synths and vocals. For HOPE 2022, she will perform new material from her forthcoming Fall release, 81 Terpsichore, a concept album baed on a futuristic culture obsessed with the uncanny.

https://corset-lore.bandcamp.com/

D3nt

2022–07–24, 01:30–02:30 (US/Eastern), 416 DAC

D3nt will be performing polyrhythmic noise beats with Ableton. He will also be unveiling the “Chaos Glove”, a custom bluetooth MIDI controller, whose code and schematics will be shared upon request.

more

2022–07–24, 02:30–03:00 (US/Eastern), 416 DAC

Take a trip through the Jungle (Amen) with noise and some reverse engineered 8 bit sounds. Real low bass and syncopated sonic pi driven beats, and propeller based generated sound effects.

dj-spock DJ set

2022–07–24, 03:00–05:00 (US/Eastern), 416 DAC

dj-spock DJ set will take you to space. Dance, code, hack or just listen to finest space tunes :)

DCG 201 WORKSHOP HIGHLIGHTS FOR A NEW HOPE (EST)

Violent Python 3

2022–07–22, 12:00–12:50 (US/Eastern), Workshop B

Even if you have never programmed before, you can quickly and easily learn how to make custom hacking tools in Python. The presenters build tools that perform port scanning, brute-force attacks, crack password hashes, and XOR encryption. Python is among the top three programming languages in the world, for good reason: it’s the easiest language to use for general purposes. This workshop is structured as a CTF, so each participant can proceed at their own pace. The techniques will be briefly demonstrated, and they will provide tips and help as needed to make sure everyone is able to solve at least some of the challenges. Participants need only a computer and a web browser.

Build Your Own USB Hacking Tool With the Wi-Fi Nugget and CircuitPython!

2022–07–22, 12:30–15:30 (US/Eastern), Workshop C

In this USB attack workshop, you’ll learn how hackers compromise computers over USB with techniques like keystroke injection — and even get to try it yourself! Kody and Alex will show you how to write your own “Duckyscript” payloads, and how to load the “RubberNugget” attack software on your S2 Wi-Fi Nugget. In addition to helping you write your own attacks, they will walk you through uploading the beginner-friendly CircuitPython programming language on your Nugget, and even demonstrate an experimental web interface you can use to remotely run your payloads.

Building a Home Lab and Introduction to Web Application Hacking With Girls Who Hack and BiaSciLab

2022–07–22, 14:30–15:20 (US/Eastern), Workshop A

In this workshop, you will learn why you should set up a home lab and multiple ways to set it up. Then you’ll jump right into hacking a web application! Students will leave this class with some web application hacking skills and the ability to set up their own home lab. Note: This class is aimed at middle school to high school kids, but adults are welcome if they make room for the kids!

Learn to Solder With BiaSciLab and Girls Who Hack!

2022–07–22, 16:30–17:20 (US/Eastern)

2022–07–23, 10:00–11:00 (US/Eastern)

2022–07–24, 10:00–11:00 (US/Eastern)

, Workshop C

In this workshop, you will learn the basics of soldering by assembling the Girls Who Hack soldering kit! This class is aimed at kids (younger ones will need adult supervision), but adults are welcome as long as they make room for the kids. Kits are available for \$10.

Travel Hacking Workshop With TProphet

2022–07–22, 17:30–20:30 (US/Eastern), Workshop B

Do you have airline miles, bank points, or hotel points? Have a trip you’ve always wanted to take? In this workshop, you can learn how to (legally!) fly for (almost) free. Use the points you’ve earned to take the trip of your dreams for far less than you may expect. Learn how to enjoy luxury travel and even fly “up front” with the rich and famous for as little as $5.60 out of pocket. There’s a catch, though: airlines only give away the seats they don’t think they’ll sell, so you’ll need to think like a hacker. Can you be flexible with dates, airlines, and destinations? Are you willing to consider visiting countries off the beaten path? Come prepared to book right away — great deals don’t last!

Kubernetes Security: Learn by Hacking

2022–07–23, 10:00–10:50 (US/Eastern), Workshop A

Learn how to attack, exploit, and hack Kubernetes clusters and application workloads. In this workshop, attendees are set loose on a series of vulnerable clusters in a competitive and collaborative capture the flag. Full methods, solutions, and vulnerabilities are revealed, along with actionable mitigation steps to enhance a cluster’s security and lock down common misconfigurations. It is an entertaining and frenetic experience designed to develop the kind of expertise only realized in production environments. Emphasis is placed on collaboration and communication, which are key to unlocking some of the advanced flags. Previous experience with Kubernetes is required.

A CRI for HOPE: Cyberminds Research Institute Teaches Avoidance of Being a Social Engineered Victim

2022–07–23, 14:00–14:50 (US/Eastern), Workshop B

Many individuals feel after a pandemic that there’s no hope. Cyberminds Research Institute (CRI) is of a different opinion. Cyber-criminals attack those who are distracted with other life events. From the shadows of these attacks comes light and opportunity. HOPE evolves from the knowledge gained after cyber-attacks occur. After the pandemic and now a near recession, cyber-criminals are enthusiastically attempting social engineering related to lower gas prices, rent relief, mask mandates, free vaccines, bogus shot cards, and free COVID-19 funds. This offers new avenues of cyber-attacks where organizations and individuals are easy targets due to the distractions of a post-pandemic climate. This workshop focuses on social engineering, teaching and learning as a result of banally successful cyber-attacks, and the hundreds of unsuccessful cyber-attacks. Leave with hope and a technique to successfully avoid social engineers attempting to diminish hope for a safe cyber tomorrow.

Arduino for Total Newbies

2022–07–23, 14:30–18:00 (US/Eastern), Workshop C

You’ve probably heard lots about Arduino. But if you don’t know what it is, or how you can use it to do all sorts of cool things, then this fun and easy workshop is for you. Arduino is an amazingly powerful tool that is very simple to learn to use. It was designed so that artists and non-geeks could start from nothing and make something cool happen in less than 90 minutes. Yet it is powerful enough so that uber-geeks can use it for their projects as well. This workshop is easy enough for total newbies to learn all you need to know to get going on an Arduino. Participants will learn everything needed to play with electronics, learn to solder, and learn to use a solderless breadboard to make a TV-B-Gone remote control to turn off TVs in public places — a fun way to learn Arduino (and electronics) basics.

Cryptography and Smart Contract Security

2022–07–23, 15:30–18:30 (US/Eastern), Workshop B

Learn how blockchains, cryptocurrency, coin offerings, and smart contracts (including NFTs) work. Sam will also cover the underlying cryptography: hashes, symmetric encryption, and asymmetric encryption. You will configure wallets, servers, and vulnerable smart contracts, and exploit them. You will configure systems using Bitcoin, Ethereum, Hyperledger, Multichain, Stellar, and more. You will perform exploits including double-spend, reentrancy, integer underflow, and logic flaws. This workshop is structured as a CTF, so each participant can proceed at their own pace. The techniques will be briefly demonstrated, and tips will be provided along with help as needed to make sure everyone is able to solve at least some of the challenges. No previous experience with coding or blockchains is required.

Analyzing Android Malware — From Triage to Reverse Engineering

2022–07–23, 19:00–23:00 (US/Eastern), Workshop B

Android malware has become prevalent across the landscape. In this workshop, Vitor will provide hands-on reverse engineering techniques for Android malware. This workshop is designed to provide the participants with different approaches to malware analysis, so that they can perform their own analysis without the use of automated tools. When everything else fails, knowing how the tools work under the hood provides the necessary knowledge to bypass the problems encountered. The attendees will learn, by doing it themselves, how to bypass the most common techniques used by malware to prevent analysis. The objective is that the attendees understand how they can use techniques like instrumentation and patching to help them analyze and bypass malware defenses when the automated tools fail, while using only free and open source tools.

Windows Internals

2022–07–24, 10:00–10:50 (US/Eastern), Workshop B

Explore the structure of Windows executable files and the operating system itself to better understand programs, services, malware, and defenses. Projects include: cheating at games, building malicious DLL libraries, stealing passwords from the API, building a keylogger, and debugging a driver. Tools used include pestudio, API Monitor, Visual Studio, OllyDbg, IDA Pro, Ghidra, and WinDbg. This workshop is istructured as a CTF, so each participant can proceed at their own pace. The techniques will be briefly demonstrated, and tips will be provided along with help as needed to make sure everyone is able to solve at least some of the challenges. No previous experience with Windows internals is required.

How to Start Contributing to Open Source: Examples From the Apache Software Foundation and Beyond

2022–07–24, 11:30–12:30 (US/Eastern), Workshop C

Open source software sounds great to use, and hopefully even better to contribute to! This session will discuss and demystify the various ways to get involved with open source software, with notable examples taken from within the Apache Software Foundation, though this session will speak to the larger ecosystem more generally.

Programming in Zero Knowledge

2022–07–24, 13:00–15:00 (US/Eastern), Workshop A

Zero-knowledge proofs are primitives for proving the integrity of arbitrary computation over confidential information. They are used in applications like private digital cash and anonymous voting. In this workshop, you will learn the theory behind zero-knowledge proving systems, and try your hand at writing a few circuits. The session will also brainstorm ideas for more private applications that can be built.

DCG 201 TALK HIGHLIGHTS FOR A NEW HOPE (EST)

This is the section where we have comb through the entire list of talks on both days and list our highlights for the talks that stand out to us. Note that this does not invalidate any talks we didn’t list, in fact, we highly recommend you take a look at the full convention schedule beforehand and make up your own talk highlight lists. These are just the talks that for us had something stand out, either by being informative, unique or bizarre. (Sometimes, all three!)

UPDATE: There is a fourth track across from the Star Bucks, schedule and sign ups are at the main Info Desk!

Secrets of Social Media PsyOps

2022–07–22, 12:00–12:50 (US/Eastern), 416 DAC

Psychological warfare thorough social media is one of the most powerful weapons in today’s political battlefield. PsyOps groups have figured out how to sharpen the blade through algorithms and targeted advertising. Nation states are using PsyOps to influence the citizens of their enemies, fighting battles from behind the keyboard.

In this talk, BiaSciLab with cover a brief history of PsyOps and how it has been used both on the battlefield and the political stage — followed by a dive deep into how it works on the mind and how PsyOps groups are using social media to influence the political climate and elections worldwide.

BiaSciLab (@BiaSciLab, @GirlsWhoHack, @SecureOpenVote) is a 15-year-old hacker and maker. She was the youngest speaker at HOPE and has spoken at DEF CON in the Voting Village, Bio Hacking Village, and the r00tz Asylum kids con. She has spoken internationally on election security and has had her work highlighted at the congressional hearing on election security. This inspired her to build her own election system: Secure Open Vote. She is also the Founder and CEO of Girls Who Hack, an organization focused on teaching girls the skills of hacking so that they can change the future.

Engineering Your Own Disease Eradication Program

2022–07–22, 12:00–12:50 (US/Eastern), Little Theatre

How many times have you read a PopSci article claiming that a cure or a treatment of a disease has been discovered, only to never hear about it again? Sometimes it’s because the journalists were a little overzealous in their estimations. But just as often it’s merely because the treatment won’t play well in the marketplace, and the cure just sits on the shelf, inaccessible. The Four Thieves Vinegar Collective has been busy the last few years, not only unearthing specific examples of this, but also developing tools for individuals to develop their own discovery and manufacture processes. At this talk, a number of therapeutic regimens will be released, along with the newest version of the MicroLab, and online tools for chemical synthesis pathway discovery, which will go live for the first time and be accessible to the audience in real time during the talk. Requests will even be taken live on stage. It’s worth stopping by and seeing if there’s an easy way to cure or treat the disease you think is the most important to cure.

Mixæl Swan Laufer (@MichaelSLaufer, @4ThievesVinegar) worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of global health and human rights. He continues to work to make it possible for people to manufacture their own medical devices and medications at home by creating access to tools and information.

The Mathematical Mesh

2022–07–22, 13:00–13:50 (US/Eastern), Little Theatre

Another day, another data breach compromising personal data. Why don’t they just encrypt? Encryption is easy, but being able to access your encrypted data and use it on all the devices you use and share it with your co-workers is hard. The Mathematical Mesh is an open infrastructure that addresses the missing piece in Public Key Infrastructure: the management of the private keys. Devices connected to a user’s personal Mesh are automatically provisioned with precisely the set of keys, credentials, and data required to perform their function. The Mesh uses structural and threshold cryptographic techniques to achieve an unprecedented level of security without requiring the user to think about cryptography or security. The only configuration steps required to configure a device to use the Mesh replace prior network and platform configuration steps. And when the Mesh code is complete, these can be made as simple as a one-time QR code scan.

Phillip Hallam-Baker is a member of the CERN team that developed the World Wide Web, and is one of the significant contributors of the HTTP/1.0 specification. He has made major contributions to the design and deployment of the WebPKI and has had research appointments at DESY, CERN, MIT LCS, and MIT AI labs. He has served as principal scientist at VeriSign and Comodo.

CHERI: A Modern Capability Architecture

2022–07–22, 13:00–13:50 (US/Eastern), 206 DAC

CHERI (Capability Hardware Enhanced RISC Instructions) is an architectural extension to existing processor Instruction Set Architectures (ISA) that introduces capability-based memory protection. It has been realized atop MIPS64 and RISC-V in a variety of open-source FPGA soft-cores and atop 64-bit ARMv8.2a in the Morello research prototype, a 2.5GHz, 7nm, 4-core SoC. Capability-aware forks of the FreeBSD distribution, the LLVM tool chain, PostgreSQL, QT, KDE, and WebKit are under active development, as are gcc and Linux. CHERI’s instantiations are formally specified and key security properties are proven.

Using CHERI’s mechanisms, software can efficiently implement fine-grained, reliable, spatial, and temporal memory protection and scalable compartmentalization without needing to resort to MMU-based isolation. Though common wisdom holds that hardware capability systems are impractical, CHERI achieves its goals with low overheads while retaining compatibility with C, including modern features such as dynamic linking and thread-local storage.

CHERI occupies a unique point in the design space of architectural security work. It is a fundamental redesign of the abstract machine seen by system software programmers — the first such to the commodity abstract machine since the introduction of virtual memory — while still being a valid target for C programs. Unlike most of its competition, its security guarantees are deterministic, not probabilistic, and do not depend on secrets, reducing the risks posed to software by side-channels. All of these properties, together with the apparent viability exhibited across the decade-long research program, mean that CHERI is widely considered to be one of the few paths towards “getting to done” with vulnerabilities.

While the fundamentals of CHERI have not changed, the HOPE audience has likely not had very much exposure to the topic. Moreover, the availability of Morello silicon changes the story from “something that might have worked well with CPU designs in the 80s and 90s, but is only available in simulation now” to “this might actually be real, and might be part of the commercial ecosystem in five to ten years.”

Dr. Nathaniel “nwf” Filardo (@qedragon) has been a senior researcher at Microsoft Research since 2020, where he has continued to lead the effort towards heap temporal memory safety enforcement atop CHERI, after his postdoc position in the security group of the University of Cambridge computer laboratory.

In Which Interlaced Video Digitization Makes Me Forget About Dying (For a While)

2022–07–22, 14:00–14:50 (US/Eastern), Little Theatre

A side project to address a growing stack of videotape causes historian and archivist Jason Scott (textfiles.com, Internet Archive) to consider what exactly it means to try and capture data before it disappears forever; and along the way he takes you through oblivion, redemption, hopelessness, and perhaps some small amount of compassion.

You will also learn how to deinterlace video.

Jason Scott is the founder of textfiles.com, the Free Range Archivist of the Internet Archive (Wayback Machine, archive.org), and the Rounding Error of the calculus of worthiness to the Underground.

Cyber Security Certifications: The Good, The Bad, and The Ugly

2022–07–22, 14:00–14:50 (US/Eastern), 206 DAC

As hackers, we all have unique skills and abilities that are in huge demand globally. How can we demonstrate to non-technology people — HR and hiring managers — the value of the work we’ve done? Increasingly, everyone is turning to certifications as a way to demonstrate their knowledge and skills. But with so many certifications to choose from, and with courses and exams costing so much, how can we know which ones improve our job application and career prospects — and which ones hold us back? In this presentation, Tom will share his experiences from 30 years in the security industry — looking at the range of entry-, mid-, and high-level certifications. He’ll share what he looks for when hiring and building out his teams, how he evaluates candidates and their certifications, and which ones he recommends (and which to avoid) for people at all stages of their career.

Tom Kranz (@Whoopsie) has over 30 years’ experience in cybersecurity, starting with breaking into Prestel with a BBC Micro in the U.K. in the early 1980s. He’s now a CISO, published author, and consulting director. Tom has built cybersecurity teams for global companies, consultancies, and government departments, as well as advised executives and company leadership on how to change their hiring process to attract the best, relevant talent.

Plausible Deniability and Cryptocurrency Privacy

2022–07–22, 15:00–15:50 (US/Eastern), Little Theatre

Hackers around the world use cryptocurrencies like Bitcoin and ether every day under the mistaken assumption that these networks are somehow privacy-preserving (often conflating pseudonymity for privacy). This couldn’t be further from the truth, as it is in fact often easier to trace crypto transactions than fiat transactions. Even so-called private networks like Zcash and Monero aren’t failsafe from a privacy perspective. However, with a few tricks and tools, it is possible to preserve privacy on cryptographic networks in a robust way. This workshop will present a brief history of privacy successes and failures in cryptocurrency and blockchain with important case studies. It will also demonstrate tracing and de-anonymization of actual transactions in real time, and will present tools and techniques for guaranteeing strong privacy.

Arctic Byte is a long time cryptography and cryptocurrency enthusiast, with experience operating physical and digital infrastructure during each of the iterations of the Web (1,2,3). Currently working on decentralized infrastructure projects in technical roles, part of his job is to keep up-to-date on the latest iterations in privacy as it relates to the cryptocurrency space, and research the usability and feasibility of various methods and their implementations.

Porn Platforms Hate Them for Exposing Their Mischief With These Two Weird Tricks

2022–07–22, 16:00–16:50 (US/Eastern), 416 DAC

The non-profit organization Tracking Exposed (tracking.exposed/), which fosters digital rights and algorithm accountability, has developed a set of free-software tools (Potrex and Guardoni) with the intent of bringing light into the underlying mechanisms of one of the major porn platforms existing nowadays. Thanks to these tools, Giulia and Alessandro have achieved an unprecedented angle of view over biases and data processing malpractices that may affect these websites, collecting precious evidence that has proven useful for carrying out academic research and even digital forensics investigations. Their goal is to give empowerment to the users and help them reclaim their rights recognized by the European General Data Protection Regulation (GDPR) and even more. During this talk, they will present the research they have conducted regarding the abuses spotted on a porn platform whose algorithms seem to be operating in a seriously biased way. They will then explore signs of possible data protection law violations and will imagine together strategies and methodologies for the upcoming analysis of these platforms.

Giulia Corona (@trackingexposed) is a communication designer and data analyst. She has been working on a Tracking Exposed’s investigation on porn platforms since its beginning, both with data analysis and technical writing. She is also interested in the role of UX and UI in influencing users’ decision making processes.

Alessandro Polidoro (@trackingexposed) is an Italian attorney-at-law and the legal lead of Tracking Exposed, experienced in digital forensics and data protection law. Working closely with many hacktivist and civil society groups, Alessandro has always been passionate in advocating for digital rights.

Tracking Android Malware and Auditing App Privacy for Fun and Non-Profit

2022–07–22, 17:00–17:50 (US/Eastern), Little Theatre

Our devices are a window into our souls, and contain a vast trove of information that is valuable to both data-driven big business and hackers alike. On the surface, a popular social media app promoted on the Google Play Store and a piece of malware side-loaded onto a device may seem very different. From the perspective of reverse engineers and analysts of Android apps, however, the tools and methodologies are the same. Using a combination of static and dynamic analysis, we can begin to understand the behavior of apps that are installed on our devices, and see exactly what data they are siphoning and sending out.

In this talk, Bill will cover the tools, techniques, and device configurations used to conduct a privacy audit of a popular app or a behavioral analysis of a piece of malware. Drawing from his investigation of the popular Ring doorbell app to his more recent work dissecting a piece of malware which used Tor to discover a command and control (C2) server, this talk will be infused with real-world research and examples of both. In addition, the “apkeep” tool developed at EFF provides a powerful addition to the toolbox for anyone interested in downloading apps from various sources and app markets. Finally, he’ll present a configuration of a single Android device that can do real-time interception of encrypted network communication from apps run on it while on-the-go, which can be useful for when apps change based on location or user behavior.

If your interest is in reverse-engineering Android malware, in auditing the sensitive information which is habitually gathered by ostensibly legitimate data-driven businesses, or just in learning a little more about the world of app analysis, this talk will have something for you.

Bill Budington is a longtime activist, cryptography enthusiast, and a senior staff technologist on EFF’s tech projects team. His research has been featured in The New York Times, The Los Angeles Times, The Guardian, and cited by the U.S. Congress. He is the lead developer of Panopticlick, led HTTPS Everywhere from 2015 to 2018, and has contributed to projects like Let’s Encrypt and SecureDrop. His primary interest lies in dismantling systems of oppression, building up collaborative alternatives and, to borrow a phrase from Zapatismo, fighting for a “world in which many worlds fit.” He loves hackerspaces and getting together with other techies to tinker, code, share, and build the technological commons.

Moving Beyond Amazon Self-Publishing Purgatory

2022–07–22, 18:00–18:50 (US/Eastern), 416 DAC

Back in 2014 at HOPE X, John did a talk called “A Self-Publishing Success Story” detailing his process moving a book from a publisher to self-publishing on Createspace/Amazon. He had a good run on Amazon, updating the book again in 2017. Then, in 2018, Amazon merged Createspace into its “Kindle Desktop Publishing” (KDP) platform. In 2020, Huntington decided to update several paragraphs in the 475-page book, and this attempt at a simple text change led to his book being stranded in a virtual, dystopian Amazon purgatory. The only reasonable way out was to abandon Amazon KDP altogether. This led to moving everything over to IngramSpark for print copies, Google Play Books for EBooks, and DPD for individually watermarked, DRM-free PDFs.

In this talk, John will discuss the horrors of his Amazon nightmare, successfully moving onward, the self-publishing process in 2022, and the economic aspects of his recent self-publishing experiences.

John Huntington (@jhuntington) is a professor of entertainment technology at New York City College of Technology, also known as Citytech, which is part of CUNY. At Citytech, he leads the audio, live video, and networking/control areas and, through his company Zircon Designs, he freelances as an author, entertainment and show control systems consultant, and sound engineer. He is also an award-winning photographer and storm chaser. He has presented talks at every HOPE conference since 2010.

Quantum Computing: It’s Not Just Sci-Fi Anymore

2022–07–22, 18:00–18:50 (US/Eastern), Little Theatre

This talk will focus on the current state of quantum computing, including current infosec and other scientific use cases for post-quantum cryptography, open source and proprietary quantum development toolkits, and information about how to get involved in the quantum computing community. Quantum cloud computing technology will be discussed in depth, and there will be demos of quantum computing systems throughout the presentation.

Kevin Carter (@shotintoeternit) is a writer, technologist, and musician whose work has been featured in MAKE, 2600, and The Fiction Circus, among others. He runs the hypermedia reading series Derangement of the Senses and lives and plays laser harp in New York City. You can find more at shotintoeternity.com.

v<i>oid loop () — Minecraft</i> as My Musical Instrument

2022–07–22, 19:00–19:50 (US/Eastern), Little Theatre

autumnateeverything.com/void-loop/

void loop() is a collection of performances in an elaborate Minecraft world. Audio from the game is routed through Ableton Live for some live looping and other antics. This collection of pieces takes place in the Minecraft void biome. The title is a reference to the biome, the looping techniques Ramon uses, and the Arduino function: the Arduino IDE was used to program a Teensy 3.2 board that a Twitch audience can use to control his Minecraft character. Chat users can enter commands like !left and !right to turn his character at times during the performance.

In addition to using widely available Minecraft mods and resource/data packs, void loop () harnesses the power of Ableton Live and Max for Live for both signal processing and game control. Movement can easily be triggered by elements like MIDI messages or audio envelope following. Furthermore, Ableton Live and Max for Live can be extended using script-oriented objects (ClyphX Pro and node.js), making for an incredibly connected environment.

Finally, the video signal from Minecraft can be processed in novel ways using color keying. Specifically, void loop () turns part of the world into a “green screen.” Additional video processing happens in VDMX, a real-time video processing environment with sound reactivity and MIDI/OSC connectivity.

The development of these performances has led Ramon to develop numerous projects with his students at UMass Lowell (UML) that involve Minecraft as an immersive and collaborative musical instrument. In-game logic, scripting, and hackability foster a musically conducive environment where composers and performers can collaborate on highly expressive works. While these projects were created as part of the Contemporary Electronic Ensemble, they led to the creation of UML’s Video Game Ensemble where ultimately any game could be used as an instrument.

Ramon Castillo (Autumn Ate Everything) teaches several music technology and Composition for New Media courses at the University of Massachusetts, Lowell. His classes include Music and Sound for Games, Digital Synthesis and Remixing, and Contemporary Styles and Analysis. He directs the Contemporary Electronic Ensemble, which focuses on expressive live performance using electronic instruments not limited to DAWs, hardware synths and samplers, circuit bent toys, microcontroller development boards, signal processing units, video synths, and video games. He founded UML’s Video Game Ensemble which launches in Fall 2022. His creative output as composer and performer revolves around expressive/automated looping in Ableton Live and real-time Minecraft gameplay. Ramon regularly performs with his daughter, Luna, who got him hooked on Minecraft as a tool for artistic creation.

Let’s Talk: Bioprinting

2022–07–22, 19:00–19:50 (US/Eastern), 206 DAC

Are you curious about bioprinting? This talk will cover what bioprinting is, types of bioprinting, ways to practically get into bioprinting, neat use cases, and practical resources on bioprinting. This is an entry level talk that aims to demystify and educate.

Xavier Palmer is a hobbyist and recent biomedical engineering graduate from Old Dominion University. He likes to contribute to projects that promote literacy in STEM and is passionate about emerging biomedical technologies.

Novel Exploitation Tactics in Linux Userspace: One Byte OOB Write to ROP Chain

2022–07–22, 20:00–20:50 (US/Eastern), 206 DAC

Many of the complex surfaces in the GNU C library, such as malloc or IO, have been thoroughly deconstructed and analyzed to be utilized in exploit chains in Linux userspace. However, one surface, the runtime loader, is yet to be brought to its full potential. In this talk, Sammy will discuss going from one byte out-of-bounds write to a complete ROP chain without IO access and no brute force under extremely restrictive seccomp, without ever needing memory information leaks.

The talk will showcase cutting-edge exploitation tactics in Linux userspace, with a primary focus on utilizing rtdl, to pull off exploits that previously — without rtld — were completely inaccessible.

Sammy Hajhamid (@pepsipu) is a blockchain security auditor at OtterSec and is also a CTF player for DiceGang, a U.S.-based CTF team, specializing in binary exploitation. In his free time, he hacks and designs operating systems and embedded software, among other pwn-related things.

Practical Steps to Improve Privacy

2022–07–22, 22:00–22:50 (US/Eastern), 206 DAC

After having an in-person private conversation, have you noticed your search results and advertisements mimic the private discussion you just had? Privacy is not the default anymore. Privacy cannot be bought with a single product or service. As with security, privacy is a disciplined set of guidelines that must be followed for continued protection.

In this talk, Michael will present concrete steps that can be taken to increase the privacy and security of everyday computer usage. Topics will include levels of protection, operating systems, handling passwords, customizing web browsers, and Internet communication. You will be encouraged to push back against bulk surveillance by replacing proprietary products with alternatives through software freedom and to share the tips you will learn in this talk with your friends.

Michael McMahon has been a privacy advocate for years, and currently works as the web developer at the Free Software Foundation (FSF). The Free Software Foundation is a nonprofit with a worldwide mission to promote computer user freedom.

SATURDAY, JULY 23RD

Open Source RF Experimentation

2022–07–23, 10:00–10:50 (US/Eastern), 416 DAC

In a world of more software defined radio (SDR) projects and more open source hardware (OSH) projects, there are many ways in which RF spectrum can be exploited via receive-only projects or those making use of licensed or unlicensed spectrum applications. This presentation will cover trends for SDR and OSH worth thinking about, along with specific hand-picked examples of projects that both Steve and Joe are very excited about (and why).

Steve Bossert began his career working for a cellular network service provider performing quality assurance, and later moved into network design focused on location-based services. He has been a licensed amateur radio operator since 1998 while in high school and, before that, was involved in scanning, shortwave monitoring, and citizens band radio. Currently holding the callsign K2GOG, Steve is one of the co-founders of Hudson Valley Digital Network in 2017 and he enjoys RF electronic and antenna design, along with satellite communications, portable QRP operation across all bands, emerging technologies, and convergence of radio communications with other interests. Steve helped the Hudson Valley Digital Network to assist many people in finding new areas of interest involving radio communications. For the past 15 years, Steve has been a business strategist, helping a wide range of organizations navigate different market and technology issues. He currently is director of global sales for BCC Research. Steve currently resides in Poughkeepsie, NY along with his family.

Joe Cupano is thankful for what he calls “an accidental career” in technology that started with component-level repair of early microcomputers (as in solder iron) to turning technology tricks in three-piece suits for globally recognized companies. His first fusion of his amateur radio and computer interests was around 1983 when he successfully sent an auto-run computer program acoustically via VHF radio from one Sinclair ZX81 to another messing with a thermal printer. Joe has served roles in the amateur radio community that include the ARRL HSMM working group — which helped spawned the mesh networking popularity of today.

An Engineer’s Guide to Linux Kernel Upgrades

2022–07–23, 11:00–11:50 (US/Eastern), 206 DAC

The Linux kernel lies at the heart of many high profile services and applications. And since the kernel code executes at the highest privilege level, it is very important to keep up with kernel updates to ensure the production systems are patched in a timely manner for numerous security vulnerabilities. Yet, because the kernel code executes at the highest privilege level and a kernel bug usually crashes the whole system, many engineers try to avoid upgrading the kernel too often just for the sake of stability. But not every kernel update is dangerous: there are bugfix/security releases (which should be applied ASAP) and feature releases (which should be tested better). This talk tries to demystify Linux kernel releases and provides guidance on how to safely and timely update your Linux kernel.

Ignat Korchagin (@ignatkn) is a systems engineer at Cloudflare working mostly on platform and hardware security. Ignat’s interests are cryptography, hacking, and low-level programming. Before Cloudflare, Ignat worked as a senior security engineer for Samsung Electronics’ mobile communications division. His solutions may be found in many older Samsung smart phones and tablets. Ignat started his career as a security researcher in the Ukrainian government’s communications services.

Hacking Local Politics: How We Banned Facial Recognition in Minneapolis

2022–07–23, 12:00–12:50 (US/Eastern), 416 DAC

The lines between technology and society are becoming blurred to the point of nonexistence. The software we build oftentimes has more impact on the day to day lives of ordinary people than the laws passed by local governments. For reasons both practical and moral, it is becoming increasingly important for those of us with technical expertise to become more involved with the political process.
But if we want to move beyond armchair activism, we need to understand the system we are trying to hack. Drawing on the panelists’ recent experiences with passing an ordinance banning the government’s use of facial recognition in Minneapolis, and their work creating the Safety Not Surveillance Coalition, this presentation will offer concrete steps on how you can transfer technical expertise into effective political change.

Munira Mohamed (@Muniramaidenrue) works as a policy associate for the ACLU of Minnesota, where she assists the legislative department by building relationships with state and local lawmakers, working on the policy agenda, and monitoring key legislation. Her passion is advocacy around poverty and racial equity. In her free time, she loves reading sci-fi novels and figure drawing.

Chris Weiland (@rt4mn) is a freelance nerd and the co-chair of Restore the Fourth Minnesota. He wears his tinfoil hat with pride, and does not like sharing personal information about himself.

Breaking 19th Century Encrypted Newspaper Ads With Modern Means

2022–07–23, 12:00–12:50 (US/Eastern), Little Theatre

In the 19th century, encrypted newspaper advertisements were a common method of communication. They were used to transmit everything from love messages and business information to family news. Publication in a newspaper ensured that a message could be received anonymously and virtually everywhere, even by people on the go. Encryption ensured that (at least in theory) only the intended recipient could read the note. The three presenters of this talk have collected hundreds of encrypted newspaper ads from the 19th century from England, France, and the United States. Some of these ads are unique while others form series of messages, the longest of which includes over 50 advertisements published over several years. Some messages were solved quickly, some are still being solved today, and others remain unsolved.

To solve ciphertexts of this kind, modern codebreaking tools can be used, such as the open-source software CrypTool 2 or the free online service dCode.

This talk presents the most interesting newspaper ads from the lecturers’ collection along with the background stories. It is shown how these messages can be broken with modern algorithms implemented in free software tools. In addition, some of the toughest unsolved advertisements are introduced and potential solution approaches are explained.

A.J. Jacobs (@ajJacobs) (ajjacobs.com) is an author, journalist, lecturer, and human guinea pig. He has written four New York Times bestsellers that combine memoir, science, humor, and a dash of self-help. He is also editor at large at Esquire Magazine, a commentator on NPR, and a columnist for Mental Floss Magazine. He has appeared on Oprah, The Today Show, Good Morning America, CNN, The Dr. Oz Show, Conan, and The Colbert Report. He has given several TED talks, including ones about living biblically, creating a one-world family, and living healthily. For his latest book, The Puzzler: One Man’s Quest to Solve the Most Baffling Puzzles Ever, From Crosswords to Jigsaws to the Meaning of Life, A.J. dived into the world of puzzles, including cryptography and codebreaking.

Klaus Schmeh (@KlausSchmeh) (schmeh.org) is the most-published cryptology author in the world. He has written 15 books (in German) about the subject, as well as over 250 articles, 25 scientific papers, and 1500 blog posts. Klaus’s main fields of interest are codebreaking and the history of encryption. His blog Cipherbrain is read by crypto enthusiasts all over the world. Klaus is a popular speaker, known for his entertaining presentation style involving self-drawn cartoons and Lego models. He has lectured at hundreds of conferences, including the NSA Cryptologic History Symposium, HistoCrypt, the Charlotte International Cryptologic Symposium, and the RSA Conference in San Francisco. In his day job, Klaus works for an IT security company. With co-author Elonka Dunin, he recently published the book Codebreaking: A Practical Guide, as well as an article in the academic journal Cryptologia on hill climbing techniques, entitled, “How We Set New World Records in Breaking Playfair Ciphertexts.”

Elonka Dunin (@ElonkaDunin) (elonka.com) is an experienced crypto expert, co-founder and co-leader of a group of cryptographers who are working hard to crack the final cipher on the famous Kryptos sculpture at CIA Headquarters. She maintains a list of the world’s most famous unsolved codes on her elonka.com site, and has written multiple books, including The Mammoth Book of Secret Codes and Cryptograms. Bestselling author Dan Brown named one of the characters in his Da Vinci Code sequel, The Lost Symbol, after her. (“Nola Kaye” is an anagrammed form of “Elonka.”) She is a member of the board of directors for the National Cryptologic Foundation, and is a lifetime member of the International Game Developers Association. With co-author Klaus Schmeh, she recently published the book Codebreaking: A Practical Guide, as well as an article in the academic journal Cryptologia on hill climbing techniques, entitled, “How We Set New World Records in Breaking Playfair Ciphertexts.” In 2021, she gave the TEDx talk, “2,000 Years of Ordinary Secrets.”

Unpickable But Still Unlockable: Lock Bypass Tricks in the Field

2022–07–23, 13:00–13:50 (US/Eastern), Little Theatre

Physical red-teams rely heavily on nondestructive bypasses when doing vulnerability assessments: under-the-door tools, latch-based attacks, climbing through vents and around walls and fences. But how well do these techniques actually work in the field — when time is of the essence and it’s not in a controlled training environment? This talk will focus on a plethora of real life successes, failures, and lessons learned for how to make these techniques work in practice. Karen and Bill have talked extensively about the mechanics of lock bypass in the past — most notably at the Bypass 101 sessions Karen gives with the Physical Security (formerly Lock Bypass) Village. They will recap the fundamentals of each technique here too — but now you’ll get to learn from their years of experience in what actually works.

Bill Graydon (@access_ctrl) is a principal researcher at GGR Security, where he hacks everything from locks and alarms to critical infrastructure. This has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running the Physical Security (formerly Lock Bypass) Village at various cons. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in physical and cyber security, anti-money laundering, and infectious disease detection.

Karen Ng (@hwenab) is a risk analyst at GGR Security, and is one of GGR’s entry team for physical penetration tests. She has a strong interest in physical security, delivering trainings on physical security vulnerabilities to a wide range of audiences. Karen comes from a background in engineering and has extensive experience in major event logistics. She is one of the village leads at the Physical Security (formerly Lock Bypass) Village, and works with the rest of the LBV team to teach how to recognize and fix security exploits to the community. Graphic design is her passion.

Defensive Computing

2022–07–23, 13:00–13:50 (US/Eastern), 206 DAC

The focus of the tech press has always been on the sky falling. The disaster of the day makes for great headlines, defending yourself does not. When defensive advice is offered by the press, it is typically the same old thing over and over. This talk will not round up the usual suspects. For example, when it comes to VPNs, Michael will cover features to look for that the tech press has never mentioned, along with multiple ways to verify that a live VPN connection is functioning correctly. One of the best ways to avoid being tracked and spied on is DNS, so he will cover DNS starting with an overview of legacy vs. encrypted DNS, then ways to test your DNS environment and NextDNS. Anyone who understands the rules for domain names cannot be fooled by scam websites, so both the rules and common scammer naming tricks will be covered. You will see how the concept of a secure website is, in many ways, a scam. A new approach for dealing with passwords will be suggested.

Defensive computing is not security. This talk is not about software bugs or vulnerabilities. In general, it is for non-techies, but techies are sure to get something from it and their input will be most appreciated.

If time allows, other topics on the agenda will include: Chromebooks, router security, locking mobile apps, Gmail, banking, creating multiple email addresses, and keeping important medical information on a cellphone.

Michael Horowitz (@defensivecomput) is a retired computer nerd, having started with IBM mainframes back in the 1970s. (His Twitter ID is not a typo — he wanted @defensivecomputing but it was too long.)

How Do MRI Machines Work? An Introduction to MRI and Open Source Imaging

2022–07–23, 14:00–14:50 (US/Eastern), 206 DAC

Superconducting, cryogenically cooled, terrifyingly strong magnets, bordering on perpetual motion; radio frequency (RF) coils big enough to crawl inside; fast switching, high power amplifiers to create hazardous levels of robot noises (and also flip around some magnetic fields). All in one giant Faraday cage. This talk will give a broad overview of the various technologies at work in a magnetic resonance imaging (MRI) machine, as well as highlight some of the work of the OpenSourceImaging.org community.

Douglas Brantner is an MRI research engineer working on sensors, electronics, software, and simulations for MRI as well as ultrasound. He was inspired to change careers and go back to school several years ago at HOPE. In his brief time in this new field, he has already been co-author on two academic MRI conference presentations, one of which is now a project on OpenSourceImaging.com.

Leaks and Hacks: Four Years of DDoSecrets

2022–07–23, 16:00–16:50 (US/Eastern), 416 DAC

Distributed Denial of Secrets has published more than 70 terabytes of data since launching in 2018. The transparency collective formed to capture the data released by hackers and leakers, and to keep documents of historical importance available to journalists and other researchers.
DDoSecrets has since become a stable repository for many sorts of archives, despite pushback and censorship. During Russia’s war on Ukraine, hacktivists took a special interest in Putin’s sprawling bureaucracy, exfiltrating reams of records from the erstwhile insular country. With their mission and experience publishing data like Blueleaks, DDoSecrets was well-placed to archive the informational spoils of the cyberwar.
They believe that data can only be a part of the story, so they rely on the public to examine their datasets in detail. They have made mistakes along the way. The project is a work in progress. They want their existence to provide inspiration for future leaks publishers, and hope for sources. Come to hear them discuss the strategies that they’ve seen work.

Emma Best (@NatSecGeek) is a journalist and transparency advocate who has filed thousands of FOIA requests with government agencies and written hundreds of articles. They co-founded the DDoSecrets collective and work with source submissions and the receipt of data. They are married to fellow collective member Xan North, and raise a kid and two cats together.

Freddy Martinez (@twocatsand_docs) is a hacker and transparency activist with extensive experience in public records gained through FOIA and other sunshine laws. He draws on his experience as a Mozilla/Freedom of the Press Foundation fellow, and is the co-founder of Lucy Parsons Labs.

Lorax B. Horne (@bbhorne) is a non-binary writer and journalist from Canada, Ecuador, and the United Kingdom. They are a former member of DDoSecrets’ board of advisors, and currently sit on the board of the DDoSecrets non-profit. They work with researchers on how to make the most of the archive.

Right to Repair: Fixing the DMCA and Legalizing Tinkering

2022–07–23, 17:00–17:50 (US/Eastern), 206 DAC

You gotta fight! For your right! To fix and tinker with your stuff! But the evil Section 1201 of the DMCA still stands in your way. Kyle will lead a discussion on the latest efforts to fix that, from the leader of the coalition that passed Right to Repair in New York and is crusading for fixer rights everywhere.

Kyle Wiens (@kwiens) is the CEO of iFixit, the free repair manual. He’s dedicated his life to defeating the second law of thermodynamics, a battle fought in the courtroom as often as in the workshop. Kyle led the international coalition that established repair as a cornerstone of the circular economy and got the Right to Repair law passed in New York.

Online Operations for Protests and Pranks: How to Get the Truth Out Without Getting Shut Down

2022–07–23, 18:00–18:50 (US/Eastern), 416 DAC

As the Internet centralizes, it gets harder to keep sites up that disrupt corporate power. In 2020, several members of climate activist group Extinction Rebellion took their street-based disruptions online, to get the attention of big companies that were contributing to climate collapse. They adopted the tactics of prankster/activists The Yes Men. They began with a viral pseudo-announcement from Google regarding their funding of climate-denying lobbyists. The activists recently went after a refinery project in Wisconsin, resulting in dozens of articles and TV news stories. These activities and other similar online protests invite takedowns galore from target corporations. This presentation will explore learnings for keeping a site up and maximizing impact in the face of legal complaints and takedown requests targeting domain registrars, Internet service providers, email service providers, and social media networks.

Jim Haugen co-founded the Modest Proposals, a digital performance art collective affiliated with Extinction Rebellion and the Yes Men. He previously organized tech workers and digital protests with Extinction Rebellion to advocate for stronger environmental commitments from tech companies.

Sam Peinado co-founded the Modest Proposals, a digital performance art collective affiliated with Extinction Rebellion and the Yes Men. He spent four years as a product designer in cloud infrastructure before joining the climate fight full-time, building APIs for greener electricity markets.

Demand Protest: Manufacturing Truth in a Post-Truth Era

2022–07–23, 19:00–19:30 (US/Eastern), 416 DAC

Online hoaxes have evolved from the realm of folk tales and anarchic fun to becoming one of the primary weapons of choice in the post-truth world, now used by intelligence agencies, corporate interests, and even hacktivists. This talk will examine the history of online hoaxes and propaganda while dissecting the tools and tactics that have become the modern weapons of political warfare. SquareMatrix will provide a behind-the-scenes anatomical look into the inner workings of Demand Protest, an online political hoax purporting to be a company running large-scale paid protesting and public influence operations. This project briefly captured conservative media’s imagination in the run-up to the 2016 election and ultimately forced them to debunk a false narrative about paid protesters that they themselves had created. The tactics and learnings from a hoax that caught the attention of The Washington Examiner, InfoWars, “The Drudge Report,” and Tucker Carlson will all be laid bare by those that perpetuated it. Why leave shaping reality to the bad guys?

SquareMatrix (@TheSquareMatrix) is a hacker and underground artist from San Francisco. He is passionate about electronics, transmedia storytelling, and perpetuating hoaxes.

Combating “Ransom-War:” Evolving Landscape of Ransomware Infections in Cloud Databases

2022–07–23, 19:00–19:50 (US/Eastern), 206 DAC

The attackers are targeting cloud databases used for modern applications to subvert the integrity and confidentiality of the stored data. Databases, including MongoDB, Elasticsearch, etc., are being infected with ransomware and exploited in the wild to conduct data exfiltration and data destruction. This talk will present a threat landscape of ransomware and botnet infections in the databases deployed for modern applications. The talk unveils the techniques and tactics for detecting ransomware and botnet infections in the cloud databases by practically demonstrating the detection of real-world infections using developed tools. The audience can use the tools to conduct an efficient security assessment of cloud databases against severe infections. The talk equips the threat researchers and penetration testers to build threat intelligence that can be consumed at a large scale. The audience will visualize real-time ransomware detection in cloud databases, including interesting insights into how these databases are compromised.

Aditya K Sood, PhD (@adityaksood) is a cybersecurity advisor, practitioner, researcher, and consultant. Dr. Sood obtained his PhD from Michigan State University in computer sciences. Dr. Sood is also an author of Targeted Cyber Attacks and Empirical Cloud Security books. He works as senior director of threat research and security strategy at the Office of the CTO at F5.

Hacker Representation Through the Years: A Guided Tour of Hacker Appearances in TV and Cinema

2022–07–23, 20:00–20:50 (US/Eastern), Little Theatre

How did we get here? How did we get to the hacker hoodie? How did we get to the nefarious villain typing through walls of eerie green phosphor?

MrSynAckSter and FakeRussian will take you on a trip through the history of hacker representation, charting the formation of the hacker “character” in the popular consciousness through their representation in film and TV. Starting with early references and moving on to the iconic, the presenters will show how the hacker got their hoodie and how the character was shaped in the popular imagination. You will also get a chance to explore alternate views of hacker representation in film and TV, including obscure foreign movies as well as lesser known works. Hilariously off-base examples are sure to crop up

Alex Ivanov (FakeRussian) developed an interest in mischief in gaming into a career as a hacker and “information security professional” with multiple absolutely-legitimate degrees and certifications that were completely necessary for career advancement. As a student and participant in the cultural zeitgeist of hacking, they take pleasure in toasting and roasting media portrayals from the accurate to the laughable. Part of making infosec click with the current generation is highlighting real-world relevance to the systems they use every day: tampering is never proprietary.

John Dunlap (MrSynAckster) (@JohnDunlap2) is a vulnerability researcher, security engineer, biohacker, amateur historian, animator, jazz musician, DJ, graphics programmer, mantis farmer, Tetris aficionado, and social engineer. John makes weird machines, weird music, and weird conference talks. John writes demos in the demoscene when he’s not doing hacker things.

Cat-Shaped Hacker Hardware: How I Accidentally Made a Business at 18

2022–07–23, 20:00–20:50 (US/Eastern), 206 DAC

Education-focused hardware fails to fill gaps of knowledge in niche areas of computer science (like cybersecurity), often begetting compromises in user accessibility. When Alex set out to design the “WiFi Nugget” — a beginner-friendly, cat-shaped development board catered towards cybersecurity beginners — he was faced with unique challenges in creating a platform that brought both ease-of-use and extensibility to users. He wanted a hands-on design that would make it easy for beginners to learn daunting topics like WiFi security and USB attacks through a guided, streamlined interface — while also offering accessible hardware and software modularity.

Striking a balance between both while attempting to successfully bring a niche product to market engendered interesting design problems. Learning to surmount these challenges — in effective interface design, hardware prototyping, supply-chain management, and more — has since scaled this project into a successful startup that creates cybersecurity-focused content around an open-source project, and allows for employing budding makers in the local community to help assemble products.

The current iteration of the Gameboy-esque WiFi Nugget allows beginners to assemble a DIY kit including a screen, D-Pad button interface, multicolor LED, WiFi microcontroller, and 3D printed enclosure. And through (cat-themed) software like the “Nugget Invader,” users can learn and test out common WiFi attacks through an intuitive interface while getting reactive feedback via cute cat graphics and a colorful LED indicator. Other software like the “RubberNugget” also allows users to explore hacking techniques such as HID attacks, letting them deploy DuckyScript keystroke injection payloads and more.

The multifaceted WiFi Nugget has been the centerpiece of community workshops, allowing for the teaching skills in hardware assembly and design, WiFi hacking, Python scripting, and more — and also is fostering the growth of the hacker community by empowering beginners with free, open-source educational content. In this talk, Alex will discuss the challenges he faced in designing a niche, education-focused tool for cybersecurity beginners, and he will outline how his design choices grew this project into a successful startup in six months.

Alex Lynd (@alexlynd) (alexlynd.com) is an 18-year-old open-source developer and cybersecurity content creator. He appears on shows such as Hak5 and SecurityFWD, and runs a hardware business called HakCat, where he creates open-source products and educational content that (he hopes) will empower the next generation of makers and hackers. Alex is interested in signals intelligence, microcontrollers, and sustainable design, and enjoys finding ways to fuse computer science with his other hobbies.

Social Steganography: Sending Messages in the Clear for Fun and Nonprofit (Or How I Learned to Stop Worrying and Love Cleartext)

2022–07–23, 22:00–22:50 (US/Eastern), 206 DAC

Much has been spoken about the topic of the “CIA triad” (Confidentiality, Integrity, and Availability), but much less has the topic of non-repudiation been discussed. In this talk, Greg will discuss how the most powerful propaganda is the selective telling of truth as he discusses deploying disinformation techniques developed for use in totalitarian regimes (specifically, a ride on the choo choo from Moscow to Beijing) in his own area code due to a combination of COVID and killer cops. Come to this talk if you want to learn to navigate in a cyberpunk hellscape of hot takes and cold reads so fearless and adversarial, when you’re done using your free expression, they’ll have to shut down your old scout troop and the Catholic Church that hosted them.

Greg (@garlicrouted) is a queer, autistic, antifascist, Appalachian phreak who hasn’t left the United States since the Obama administration, and has attended hacker gatherings on and off since Defcon 17. This is his first in-person HOPE. Greg has never been employed by the Central Intelligence Agency (so stop asking).

SUNDAY, JUNE 24TH

ARTificial Intelligence — How IP Law Handles Machine Creations

2022–07–24, 10:00–10:50 (US/Eastern), 416 DAC

The development of sophisticated machine learning models in recent years has been pushing into realms of human creativity, and that has implications for patent and copyright law. Can a machine be an “inventor?” Does the machine’s output qualify for copyright protection? The development of the DALL-E and DALL-E 2 systems directly call the very concept of “creativity” into question, while the former is being actively litigated in courts around the world.

Ed Ryan is a New York intellectual property attorney specializing in patents with a background in physics. Ed’s practice deals heavily with machine learning technologies.

Shoplifting on a Budget: Exploring Bypasses for Retail Security Tags

2022–07–24, 11:00–11:50 (US/Eastern), Little Theatre

Shoplifters vs. security. In this talk, you will learn how to think like a criminal… and about retail loss prevention. Stores deter theft using Electronic Article Surveillance (EAS) devices, which include clothing ink tags, security boxes/wraps, and labels. This talk will cover EAS basics, demonstrate functionality, and bypasses of several device types.

Audience members may volunteer to participate in the ‘Catching a Shoplifter’ challenge to see if they can bypass EAS devices without tripping the alarms. Hackers will enjoy EAS bypasses due to the similarities between wireless hacking, lock-picking, and lock-bypassing. This also provides security awareness for loss prevention and C-level decision makers when selecting theft deterrents of this nature.

MakeItHackin (@MakeItHackin) had his Electronic Article Surveillance (EAS) research start in a physics classroom when learning about Faraday cages. During the 2020 lockdown, he started creating hacker-related content on social me

Electronic Warfare on a Budget of $15 or Less

2022–07–24, 12:00–12:50 (US/Eastern), 416 DAC

You are constantly being irradiated by a plethora of gadgets and gizmos firing photons through your body every second, so why not figure out how to read those airwaves?

Learn to, on a $15 budget: plot the flight paths of dictators; stingray your own phone; track the movements of fishing fleets; listen to the local taxi dispatch; find signal from outer space and other radio astronomy; read airline pilots’ text messages; get pinged when pager messages are sent; hack Wi-Fi (but with an SDR); communicate via shooting star (really); and much, much more!

Lucas Rooyakkers is a software engineer at a satellite company, coming from a background in the military with a degree in physics. He has a keen interest in the interface between physical and cyber security, and how SDRs can be used to violate many assumptions about wireless security systems. Lucas has written software for several low earth orbit satellites whizzing above your head every two hours in space, and Lucas speaks Esperanto.

Cast-Away: A DIY Platform for Video Capture, Automation, and Various Antics

2022–07–24, 12:00–12:50 (US/Eastern), 206 DAC

Inspired by existing projects (and some cable company shenanigans), this venture seeks to develop a few tools to assist in the capture and analysis of analog recorded and digital broadcast video sources. Currently dubbed Cast-Away, the system is designed to provide remote monitoring of live video, a bit of computer vision, and to reduce a few headaches involved with elder media through automation. Utilizing available off-the-shelf parts, the goal is to provide a low-cost and accessible solution that can also be a useful starting point for others to build on. This effort is a work in progress.

Adam Tannir tells stories to computers, currently focusing on robotics, computer vision, and neural networks. He is a founding member of FUBAR Labs, New Jersey’s oldest hackerspace. He still believes that “the mind is a fire to be kindled,” but tries to be more concise nowadays.

Revolution During Disintegration: Lessons From a Brief History of Yugoslav Computing

2022–07–24, 14:00–14:30 (US/Eastern), 416 DAC

The socialist Yugoslav state was in many ways an aberration of the polarized Cold War period. Socialist, but not Soviet-aligned; friendly, but not exactly allied with Western Europe and the U.S.; its unusual position produced unique developments in computing. At our current tumultuous historical moment of the pandemic, worsening climate crisis, and most recently the Russian invasion of Ukraine, we may be witnessing another global polarizing moment that may have long term political, cultural, and technological consequences. By looking at unusual technological developments from the late Yugoslav period — the curious case of Iskra Delta and DEC collaboration, the history of the Galaksija (the Yugoslav DIY microcomputer), and the development of JUPAK (Yugoslav Packet Network) — Vlado will offer a few lessons as we potentially move into a world where technology is once again an integral part of geopolitical conflict.

Vlado Vince (@mejs), (@mejs@mastodon.social) is a technologist with an interest in the history of computing and networks, with a focus on non-Western countries before the end of the Cold War. He posts about his research on Twitter and Mastodon.

School Districts Should Not Be in the Business of Intelligence Collection

2022–07–24, 14:00–14:50 (US/Eastern), 206 DAC

Why in the world would a school board need to collect intelligence on parents, students, and the public to evaluate if they are a threat, including to a school district’s “brand?” Such data collection is reminiscent of intelligence-community abuses exposed in the 1970s during hearings of the Senate’s Church Committee.

In the name of “safety,” Fairfax County Public Schools, located in the spy capital of the world, is seeking to acquire a covert intelligence capability without oversight. Last November 11th, Fairfax County Public Schools published “Informal RFP3100000481” for “software to expand the FCPS social media research program, to allegedly detect or deter any negative actions or consequences from social media which may be directed to racial groups or any other student or teacher within FCPS.” Fairfax, Virginia is not unique. Other school districts across the country are seeking to develop this capability. This talk will explain why parents, students, and the community should be aware.

Harry Jackson(@HarryJ4Justice) is a parent advocate who has over 15 years of federal government experience, is an assistant professor at National Intelligence University, and is an adjunct professor at numerous universities. Harry has been a volunteer in his children’s schools for the past decade. He served as a member of the Thomas Jefferson High School PTSA Diversity Committee and established key partnerships and initiatives to improve diversity.

Five Dollar Cyber Weapons and How to Use Them

2022–07–24, 15:00–15:50 (US/Eastern), 416 DAC

For five dollars, hackers can buy more power than ever before thanks to low-cost microcontrollers! The cost of sophisticated attacks has dipped below five dollars, but knowing the capabilities of each platform can be confusing. Kody will highlight free projects demonstrating advanced Wi-Fi phishing, HID bad USB attacks, and bleeding edge Wi-Fi research using the ESP8266, ESP32s2, and other low-cost microcontrollers! Finally, he’ll show how anyone can get started programming their own custom hacking tools using beginner CircuitPython.

Kody Kinzie (@kodykinzie) (www.hack.gay) is a security researcher specializing in open-source intelligence and Wi-Fi security. He teaches cybersecurity to millions of beginners on two popular YouTube channels called Hak5 and Null Byte, as well as organizing cybersecurity training and outreach events in Los Angeles. He has presented on security topics at RSA, Chaos Communication Congress, Layer One, and HOPE.

Writing for the Ear

2022–07–24, 16:00–16:50 (US/Eastern), 206 DAC

The purpose of this proposed talk is to explain the audiobook process, be it for LibriVox, Reading for the Blind, or Audible. Topics to discuss will include post-production delivery formats, production workflows (covering hardware and software), and setting up pre-production (book production and personnel coordination). Emphasis will be placed on free/libre toolchains, existing talking book and audiobook standards, and preventing problems that can snarl the workflow.

Xio (@XioNYC) is a long-time institution of NYC2600 and has accumulated decades of knowledge of the communication arts, from pre-production to finished product. A three-time HOPE conference lecturer, he passes along his wisdom for hacking, accessibility, philosophy, and getting by on minimal budgets. 12h 24m 09.927(9) -40°41'29.7(3)

We’ll Pwn You With Your Wattpad Profile

2022–07–24, 16:00–16:50 (US/Eastern), Little Theatre

Most people don’t know how to choose secure passwords. From those that aren’t even long enough to withstand brute-force attacks to those that include one’s public personal information, many passwords found in the wild are vulnerable to being cracked. In Roman’s talk, he’ll go beyond traditional password security education by discussing how exactly hackers would discover your password and what you can do to stop them. He’ll also showcase his team’s research into automating targeted password guessing attacks: they refined a GPT-3 model on user data from the Wattpad security breach to predict users’ passwords based on information like their username and profile bio. The results? Their model’s guesses are more than three times as accurate as non-targeted ones — no manual OSINT skills required!

Roman Hauksson-Neill (@RomanHauksson) (roman.hn) is a free software advocate, software developer, and computer science student at the University of Texas at Dallas. He’s the director of ACM Research (an undergraduate computer science research program) and an officer for OpenUTD (a student organization for Linux and other FOSS). Like some other speakers at HOPE, he’s obsessed with Internet privacy, likely to his detriment.

You’ll Pay For That: Payment Systems, Surveillance, and Dissent

2022–07–24, 17:00–17:50 (US/Eastern), Little Theatre

There has been a quiet revolution in payment systems and government power. Government efforts to track credit and banking transactions have exploded. Government efforts to discourage cash and to regulate cryptocurrencies have increased. Using examples from Canada, Ukraine, China, and Nigeria, this talk will examine these mechanisms of financial surveillance, discuss the latest innovations in government efforts to track even privacy-oriented cryptocurrencies, and highlight the debates within our community as to how to approach financial surveillance issues. What is our responsibility, as hackers, technologists, and civil liberties people to maintain the privacy from surveillance of people engaged in disfavored forms and topics of organizing and protest? Can we ensure that systems that permit freedom are able to transact privately? Without that freedom, it will be much harder to organize dissent to, well, anything.

Alex Marthews (@rebelcinder) is a U.S.-U.K. dual citizen and father of four living in Massachusetts. He has served as national chair of Restore The Fourth since 2014. His master’s degree is in public policy, focusing on discrimination in online blocking and filtering systems. At The Eleventh HOPE, he spoke on “Surveillance Gives Me Chills,” and at The Circle of HOPE spoke on a panel titled, “And This Is It? What Went Wrong with Surveillance Reform After Snowden.” In his prior career, he was the executive director of nonprofits in the fields of historic preservation, poverty, and girls’ education in East Africa.

--

--

DCG 201

North East New Jersey DEFCON Group Chapter. Dirty Jersey Represent! We meet at Sub Culture once a month to hack on technology projects! www.defcon201.org