This is the 5th year that I’ve attended the CCC’s major event. I spent 4 days at the 33rd CCC conference in Hamburg (Germany), where a somewhat over 60,000 people attended this year, Other than an opportunity to catch up with old friends, and learn what’s new in the hacking scene - there were awesome talks (just like any year).
I thought to dedicate this blog post to the best talks I saw, obviously this is very subjective (and suffers from a selection bias).
For those talks that were of special interest, I added a small disclaimer describing the talk - the others are still recommended.
The CCC event is always full of interesting people, great community and a crowd of hackers and makers interacting together. There is a strict policy not to photograph people without their consent - so the photos below show some atmosphere and not people.
The Beutiful CCH at day and night
A surprise appearance during the Keynote, unfortunately no Doctor…
Just like every year, a brigade of yarn bombers knit everything
Sadly, this was hung days before Carry Fisher passed away
- and got a new meaning after her passing
Memes were all over the place…
Recommended talks have a tag for easier lookup.
- ==Must Watch== Everything you always wanted to know about certificate transperancy. This was an interesting talk walking through the various stages and entities in the process
- Exploiting PHP7 unserialize. Interesting analysis of actual issues, although adoption of PHP7 is not very wide at this time.
- ==Must Watch== Bootstraping a slightly more secure laptops. A very interesting talk on CoreBoot, an open-source BIOS firmware initiative with many benefits (e.g. Security, performance)
- The DROWN attack. A very interesting talk on SSLv2 downgrading attack on TLS. It is interesting to note that although most clients (browsers) do not support SSLv2, some servers still do.
- ==Must Watch== Shut up and take my money!. An excellent and entertaining talk about N26, a mobile banking application, and their amusing secure protocol.
- Pegasus Internals. A very interesting deep dive into the internal of the Pegasus malware. a tough watch, mainly due to the speaker’s accent, but recommended.
- Untrusting the CPU
- ==Must Watch== Nintendo Hacking 2016. A very good talk from FailOverflow, the hacking group behind past PS3 hacks. this year they displayed their project to run Linux on PS4, successfully - with hardware acceleration!. a very interesting deep dive into the security and low level work required to reverse this.
- ==Must Watch== Deploying TLS 1.3: the great, the good and the bad. A very interesting talk on the rationale and benefits behind TLS 1.3 as well as some insight into the ramification of deploying it in the field.
- Where in the world is Carmen Sandiego
- Console Hacking 2016
- Tapping into the core
- Gone in 60 Milliseconds
- ==Must Watch== In search of evidence-based security. A nice talk on a subject that lacking in today’s security field - science. how do we support the claims we make in a scientific way?
- Wheel of fortune
- ==Must Watch== Recount 2016: An uninvited security audit of the US presidential elections. A very nice talk on the work behind attesting to the integrity of the US election and the issues involved from a security perspective.
- on the security and privacy of modern single sign on in the web
- ==Must Watch== How do we know our PRNGs work properly?. A good talk on how to ascertain that the PRNG we use are working properly. Their work validated known issues as well as finding new issues in popular PRNGs.
- ==Must Watch== Memory deduplication: the curse that keeps on giving. A very interesting talk on the side effects of memory de-duplication and the security issues that arise from it (more than ROWHAMMER).
Although there were some nice talks, I attended some workshops. The workshops are the real value of the congress as they allow to learn from experts on random subjects, in the ad-hoc gathering. Unfortunately - no videos.