11:00
11:00
50min
A New HOPE Begins!

At last, it's the culmination of years of preparation in finding a new home and getting past this damn pandemic. As A New HOPE finally begins, we're happy to also help kick off our sister conference May Contain Hackers (MCH), taking place simultaneously on a campground in the Netherlands. There will be plenty of communication between the two throughout the conference.

416 DAC
11:00
120min
Irradiant Waves Program (1 of 6)
David Goren

“Irradiant Waves: Tracing Neighborhoods in the Sky” is a transmission art installation designed to evoke New York City's vibrant and transgressive unlicensed FM radio soundscape in a contained space. Often called pirates for using radio spectrum without a government approved license, these underground stations are a grassroots phenomenon going back over 25 years.

Other
12:00
12:00
50min
Capture the Flag

DiceCTF - Come participate in a capture-the-flag competition organized by
DiceGang! Open to all skill levels; challenges will range from easy to hard.
Learn the basics of binary exploitation, reverse engineering, web hacking, and
cryptography with some hands-on challenges. Team up with friends to compete for
prizes! The competition will run throughout the conference and you can
participate in-person or online.

311 DAC
12:00
50min
Engineering Your Own Disease Eradication Program
Mixl S. Laufer

How many times have you read a PopSci article claiming that a cure or a treatment of a disease has been discovered, only to never hear about it again? Sometimes it's because the journalists were a little overzealous in their estimations. But just as often it's merely because the treatment won't play well in the marketplace, and the cure just sits on the shelf, inaccessible. The Four Thieves Vinegar Collective has been busy the last few years, not only unearthing specific examples of this, but also developing tools for individuals to develop their own discovery and manufacture processes. At this talk, a number of therapeutic regimens will be released, along with the newest version of the MicroLab, and online tools for chemical synthesis pathway discovery, which will go live for the first time and be accessible to the audience in real time during the talk. Requests will even be taken live on stage. It's worth stopping by and seeing if there's an easy way to cure or treat the disease you think is the most important to cure.

Little Theatre
12:00
120min
Freedom of Information (FOI) Workshop, 1 of 2
Michael Ravnitzky

Public records requests are an important research tool. But for these requests to be effective, you need to know how to make the requests so they have the best chance of success, and to be able to counter obstacles that agencies may throw in your path. This workshop teaches the nuts and bolts of submitting FOI requests to federal, state, and local agencies. Learn how to formulate and submit records requests (even from your phone), and how to overcome stonewalling, delays, unfair fees, and release of records in unhelpful formats. Find out how to tap agency portals to track requests, how to negotiate with agencies on the scope of your request, how to best appeal incorrect agency decisions, and how to seek declassification of classified records. The workshop will offer ample opportunities for Q&A, so bring your toughest FOI questions and real-life examples to learn from.

Workshop A
12:00
50min
Secrets of Social Media PsyOps
BiaSciLab

Psychological warfare through social media is one of the most powerful weapons in today's political battlefield. PsyOps groups have figured out how to sharpen the blade through algorithms and targeted advertising. Nation states are using PsyOps to influence the citizens of their enemies, fighting battles from behind the keyboard.

In this talk, BiaSciLab will cover a brief history of PsyOps and how it has been used both on the battlefield and the political stage - followed by a deep dive into how it works on the mind and how PsyOps groups are using social media to influence the political climate and elections worldwide.

416 DAC
12:00
50min
Why Professor Garfield Should Be Your Child's Best Friend on the Internet
The Cheshire Catalyst

Professor Garfield is our old friend Garfield the Cat from the funny papers, but he now has a job to do! He's teaching that doofus kitten Nermal how to protect himself from nasty dogs on the Internet that want to cause him trouble. It's possible that from reading these comics, some children may learn these lessons along the way too.

The Cheshire Catalyst got concerned when a fifth grade teacher in his home town gave one of Cheshire's public web pages to the kids in the teacher's class. As someone who prefers a reputation as one of "those mean, nasty hacker dudes," Cheshire does not want to be a role model to those youngsters, but is perfectly willing to let Professor Garfield have the job, since those kids do need guidance of some kind.

206 DAC
12:30
12:30
180min
Build Your Own USB Hacking Tool With the Wi-Fi Nugget and CircuitPython!
Kody Kinzie, Alex Lynd

In this USB attack workshop, you’ll learn how hackers compromise computers over USB with techniques like keystroke injection - and even get to try it yourself! Kody and Alex will show you how to write your own “Duckyscript” payloads, and how to load the “RubberNugget” attack software on your S2 Wi-Fi Nugget. In addition to helping you write your own attacks, they will walk you through uploading the beginner-friendly CircuitPython programming language on your Nugget, and even demonstrate an experimental web interface you can use to remotely run your payloads.

Workshop C
13:00
13:00
50min
ActivityPub Four Years Later: The Good, the Bad, and the Fedi
rolltime

ActivityPub celebrated its fourth anniversary as a W3C standard this January. The spec defines protocols which allow anyone to run their own social media server, which can then talk to everyone else’s servers, a technique known as “federated networking.” When ActivityPub was first released, many believed it would change social media forever, bringing about the end of monolithic surveillance networks and ushering in an era of democratized local communities. Four years later, while the fediverse plays host to a thriving community and unique culture, it remains a nonentity by the standards of social media giants. Why is this? How has ActivityPub created a constructive and enjoyable social media experience while also failing to bring that experience to a large audience? And what can this tell us about the possibilities and limitations of anarchistic spaces as a whole?

416 DAC
13:00
50min
CHERI: A Modern Capability Architecture
Dr. Nathaniel "nwf" Filardo

CHERI (Capability Hardware Enhanced RISC Instructions) is an architectural extension to existing processor Instruction Set Architectures (ISA) that introduces capability-based memory protection. It has been realized atop MIPS64 and RISC-V in a variety of open-source FPGA soft-cores and atop 64-bit ARMv8.2a in the Morello research prototype, a 2.5GHz, 7nm, 4-core SoC. Capability-aware forks of the FreeBSD distribution, the LLVM tool chain, PostgreSQL, Qt, KDE, and WebKit are under active development, as are gcc and Linux. CHERI's instantiations are formally specified and key security properties are proven.

Using CHERI's mechanisms, software can efficiently implement fine-grained, reliable, spatial, and temporal memory protection and scalable compartmentalization without needing to resort to MMU-based isolation. Though common wisdom holds that hardware capability systems are impractical, CHERI achieves its goals with low overheads while retaining compatibility with C, including modern features such as dynamic linking and thread-local storage.

CHERI occupies a unique point in the design space of architectural security work. It is a fundamental redesign of the abstract machine seen by system software programmers - the first such to the commodity abstract machine since the introduction of virtual memory - while still being a valid target for C programs. Unlike most of its competition, its security guarantees are deterministic, not probabilistic, and do not depend on secrets, reducing the risks posed to software by side-channels. All of these properties, together with the apparent viability exhibited across the decade-long research program, mean that CHERI is widely considered to be one of the few paths towards "getting to done" with vulnerabilities.

While the fundamentals of CHERI have not changed, the HOPE audience has likely not had very much exposure to the topic. Moreover, the availability of Morello silicon changes the story from "something that might have worked well with CPU designs in the 80s and 90s, but is only available in simulation now" to "this might actually be real, and might be part of the commercial ecosystem in five to ten years."

206 DAC
13:00
50min
The Mathematical Mesh
Phillip Hallam-Baker

Another day, another data breach compromising personal data. Why don't they just encrypt? Encryption is easy, but being able to access your encrypted data and use it on all the devices you use and share it with your co-workers is hard. The Mathematical Mesh is an open infrastructure that addresses the missing piece in Public Key Infrastructure: the management of the private keys. Devices connected to a user's personal Mesh are automatically provisioned with precisely the set of keys, credentials, and data required to perform their function. The Mesh uses structural and threshold cryptographic techniques to achieve an unprecedented level of security without requiring the user to think about cryptography or security. The only configuration steps required to configure a device to use the Mesh replace prior network and platform configuration steps. And when the Mesh code is complete, these can be made as simple as a one-time QR code scan.

Little Theatre
14:00
14:00
50min
Cyber Security Certifications: The Good, The Bad, and The Ugly
Tom Kranz

As hackers, we all have unique skills and abilities that are in huge demand globally. How can we demonstrate to non-technology people - HR and hiring managers - the value of the work we've done? Increasingly, everyone is turning to certifications as a way to demonstrate their knowledge and skills. But with so many certifications to choose from, and with courses and exams costing so much, how can we know which ones improve our job application and career prospects - and which ones hold us back? In this presentation, Tom will share his experiences from 30 years in the security industry - looking at the range of entry-, mid-, and high-level certifications. He'll share what he looks for when hiring and building out his teams, how he evaluates candidates and their certifications, and which ones he recommends (and which to avoid) for people at all stages of their career.

206 DAC
14:00
50min
In Which Interlaced Video Digitization Makes Me Forget About Dying (For a While)
Jason Scott

A side project to address a growing stack of videotape causes historian and archivist Jason Scott (textfiles.com, Internet Archive) to consider what exactly it means to try and capture data before it disappears forever; and along the way he takes you through oblivion, redemption, hopelessness, and perhaps some small amount of compassion.

You will also learn how to deinterlace video.

Little Theatre
14:00
50min
Why Building Digital Libraries Matters
Davide Semenzin

This talk will examine digitizing books at scale and some interesting technology tidbits as to how an operation like this actually works. For example: why is the page-turning not automated? What are the building blocks of such a system? What were some of the most significant (and unexpected) issues along the way of scaling this system to digitize over one million books a year on the Internet Archive books digitization platform?

Why do this in the first place, one may ask? In short, because accessibility drives preservation and, for an increasing number of use cases, if a book is not easily accessible online, it might as well not exist. Moreover, digital artifacts have specular properties to the physical ones in that they are easy to distribute (and easy to censor!), which means that once the expensive task of creating one is done, the problem is only one of access control. There is a lively policy discussion about what these access controls can and should be, but the argument here is that not only is it important that we invest in creating the digital artifacts, but also that these are maintained by some type of lender of last resort.

This talk will discuss how people can make digital libraries part of their lives, and how these libraries can improve those lives. There is often a misunderstanding of digital books being an alternative to physical ones. In fact, they are a complement, working together to give us better knowledge. Digital books allow us to do things like full text search and direct linking, and can support digital media embedding. This talk will also include a discussion on a few of these use cases, as well as examples of tools that are available to enrich one's reading and learning experience.

416 DAC
14:30
14:30
120min
Building a Home Lab and Introduction to Web Application Hacking With Girls Who Hack and BiaSciLab
BiaSciLab

In this workshop, you will learn why you should set up a home lab and multiple ways to set it up. Then you'll jump right into hacking a web application! Students will leave this class with some web application hacking skills and the ability to set up their own home lab. Note: This class is aimed at middle school to high school kids, but adults are welcome if they make room for the kids!

Workshop A
15:00
15:00
50min
Plausible Deniability and Cryptocurrency Privacy
Lane Rettig, Michelle Lai, Arctic Byte

Hackers around the world use cryptocurrencies like Bitcoin and ether every day under the mistaken assumption that these networks are somehow privacy-preserving (often conflating pseudonymity with privacy). This couldn't be further from the truth, as it is in fact often easier to trace crypto transactions than fiat transactions. Even so-called private networks like Zcash and Monero aren't failsafe from a privacy perspective. However, with a few tricks and tools, it is possible to preserve privacy on cryptographic networks in a robust way. This workshop will present a brief history of privacy successes and failures in cryptocurrency and blockchain with important case studies. It will also demonstrate tracing and de-anonymization of actual transactions in real time, and will present tools and techniques for guaranteeing strong privacy.

Little Theatre
15:00
50min
Six Years Later and Worse Than Ever - The Espionage Act, Computer Fraud and Abuse Act, and What's at Stake for Activists, Journalists, and Researchers
Jesselyn Radack, Carey Shenkman

The Trump administration continued the trend of using two antiquated laws - the Espionage Act of 1917 and the Computer Fraud and Abuse Act of 1986 - as tools to restrict the public's right to know. Trump's Justice Department sent numerous truth-tellers to prison, and in 2019 charged Julian Assange, who is neither a government employee nor a U.S. citizen, under both laws. The current legal landscape has unprecedented implications for national security journalism, transparency, and the use of anonymity and source protection tools. Join two human rights attorneys who have worked closely on issues surrounding these laws for a conversation on what's at stake for activists, journalists, and researchers; the recent traction in Congress for reforming both laws; and the necessity for doing so.

416 DAC
15:00
50min
hCaptcha: Profits over People and Fscking Useless
Steven Presser

Or "why I broke CAPTCHAs for 15 percent of the Internet." Technology is supposed to be the great equalizer. But what happens when corporate interests build technological barriers that prey on a minority? Why, hackers, of course! hCaptcha is a commercial CAPTCHA provider, used for about 15 percent of the Internet. In order to make their CAPTCHA usable for people with disabilities, they implemented a specific "accessible workflow." This workflow stripped people with disabilities of their privacy or prevented them from using websites entirely. It could also be automated. This talk is about how hCaptcha built their product, the automation attack against their accessible workflow, how they've failed to fix it, and where we go from here.

206 DAC
15:30
15:30
90min
Think Like a Hacker: Lateral Thinking and Social Engineering for Complete Newbies, 1 of 2
Gus Andrews

HOPE often attracts attendees who may be new to the hacking space - people who learned of the conference through the Off The Hook radio show, youth who are keen to get into this space, artists, journalists, activists, and others who see their work increasingly overlapping with hacking. There's a lot newcomers may have missed about hacking techniques over the years! This workshop is for those newcomers, to bring them up to speed about some very fundamental habits of thought in the hacking community. In this session, Gus will get attendees engaged in hands-on exercises developed in the engineering and hacking communities for finding vulnerabilities. To demonstrate counterintuitive strategies beyond code, this will be followed up with examples of past hacking, including social engineering and voting machine testing. Wrap-up discussion explores how these activities change what we think, feel, and see, and what we can do with the systems around us.

Workshop B
16:00
16:00
50min
Botnets are the Best Way to Measure User-Hostile Behavior on the Internet
David Sidi

Today there are two dominant approaches to measuring behavior at scale on the web without the cooperation of service providers: there are bot farms, which run automated browsers on infrastructure controlled by the measurer; and there are instrumented extensions that run on the browsers of individuals who have agreed to participate.

Bot farms are bad because it's hard to measure everything that is interesting to study in a fully automated way; extensions are bad because for them the measurements follow the participant's use of the service, whereas directly controlling what is measured is often useful in a study (plus, there are privacy risks).

The best way to measure behavior on the web is with a botnet. Botnets are distributed over participant computers, so bots can mix in requests to a human alongside automated measurements. On the other hand, where bots go, and what they ask about, is fully specifiable in a botnet study.

In this talk we'll see how best to build a measurement botnet: isolating the bot on the participant's system, deciding when to run, deciding when to ask for human help and how to share achievements with them, and avoiding detection as a bot to improve study validity.

At the end, there will be a discussion about why any of this matters: botnets have always let individuals cooperate to participate in causes they believe in, from fighting COVID-19 with @home, to DDoS as political action, to breaking weak ciphers with distributed.net. That's true of measurement botnets too. There is little awareness today of actions taken against our interests: botnets can help.

206 DAC
16:00
180min
Irradiant Waves Program (2 of 6)
David Goren

“Irradiant Waves: Tracing Neighborhoods in the Sky” is a transmission art installation designed to evoke New York City's vibrant and transgressive unlicensed FM radio soundscape in a contained space. Often called pirates for using radio spectrum without a government approved license, these underground stations are a grassroots phenomenon going back over 25 years.

Other
16:00
50min
Porn Platforms Hate Them for Exposing Their Mischief With These Two Weird Tricks
Giulia Corona, Alessandro Polidoro

The non-profit organization Tracking Exposed (tracking.exposed/), which fosters digital rights and algorithm accountability, has developed a set of free-software tools (Potrex and Guardoni) with the intent of bringing light into the underlying mechanisms of one of the major porn platforms existing nowadays. Thanks to these tools, Giulia and Alessandro have achieved an unprecedented angle of view over biases and data processing malpractices that may affect these websites, collecting precious evidence that has proven useful for carrying out academic research and even digital forensics investigations. Their goal is to give empowerment to the users and help them reclaim their rights recognized by the European General Data Protection Regulation (GDPR) and even more. During this talk, they will present the research they have conducted regarding the abuses spotted on a porn platform whose algorithms seem to be operating in a seriously biased way. They will then explore signs of possible data protection law violations and will imagine together strategies and methodologies for the upcoming analysis of these platforms.

416 DAC
16:00
50min
Travel Hacking Workshop With TProphet
TProphet

Do you have airline miles, bank points, or hotel points? Have a trip you've always wanted to take? In this workshop, you can learn how to (legally!) fly for (almost) free. Use the points you've earned to take the trip of your dreams for far less than you may expect. Learn how to enjoy luxury travel and even fly "up front" with the rich and famous for as little as $5.60 out of pocket. There's a catch, though: airlines only give away the seats they don't think they'll sell, so you'll need to think like a hacker. Can you be flexible with dates, airlines, and destinations? Are you willing to consider visiting countries off the beaten path? Come prepared to book right away - great deals don't last!

Little Theatre
16:30
16:30
60min
Learn to Solder With BiaSciLab and Girls Who Hack! 1 of 3
BiaSciLab

In this workshop, you will learn the basics of soldering by assembling the Girls Who Hack soldering kit! This class is aimed at kids (younger ones will need adult supervision), but adults are welcome as long as they make room for the kids. Kits are available for $10.

Workshop C
17:00
17:00
360min
AIoT Village
Marcia Wilber

AIoT enthusiasts, tinkerers, and makers explore 3D printing, quadcopters,
dancing robots, Raspberry Pis, and more...

Run inference with Darknet and YOLOv3 (Tiny YOLO too). This village is a
tinkerspace for people interested in AIoT, 3D printing, and electronics.

Discussions about privacy, ethics, and counter-surveillance are welcome.

Visit the Raspberry Pi, Pico, Pi Zero, and other small-board workstations.

We will show you how to perform hands-on object and face recognition
using different networks like TensorFlow, or TFLite on smaller boards.

We have a wearables sample and a wide variety of workstations
to explore!

Other
17:00
50min
All About RADIO WONDERLAND
Joshua Fried

RADIO WONDERLAND will be performing live at A New HOPE. This talk will expose the how and why. As to what, RADIO WONDERLAND pulverizes mass media into little bits that dance; live commercial radio becomes recombinant funk, controlled by old shoes Joshua hits with sticks (he's a drummer) and a vintage Buick steering wheel (he's also a... wheel player). All the processing is live, through his custom Max code. This talk will look at some of that code - which is nicely graphical - and will discuss the place of high-level programming environments such as Cycling '74's Max, which often come with their own low-level escape hatches. But that's just coding - nothing particularly 'hackery' about it. It's what RADIO WONDERLAND does with mass media, live performance, and ordinary objects that seems to tickle hackers and the HOPE community. That will also be discussed here.

416 DAC
17:00
50min
Creating a General Purpose Network Through Wireless Mesh
Jameson Dungan

This talk will cover the creation of a resilient and redundant network across the region using wireless technology independent of the Internet. A lot of local data can be collected through various radio protocols such as weather and NOAA satellite data, airplane and ship traffic, and time. All of this data can be collected and processed with SDRs and Raspberry Pis. Offline repositories and mirrored sites can be hosted on this network, such as Wikipedia, medical encyclopedias, Project Gutenberg (every book in the public domain), TED, YouTube, Stack Overflow, and many others.

This talk will explore the trials and errors learned in creating this network from the physical to Layer 3 routing, how to build cheap antennas, the hardware used, and how they're solar/battery backed up. The coverage of the network can even be expanded using amateur radio frequencies for those with licenses to send TCP/IP packets over digital radio and plug into existing ham infrastructure including global SMS, phone, and global email with and without an Internet connection. The network infrastructure can be expanded by anyone wanting to join the network and host more resources, expand coverage, content, and serve as communications in an emergency or extended grid-down situation.

206 DAC
17:00
120min
Negotiating the Interview
Tom Kranz

Tom has over 30 years' experience in cyber security, starting with breaking into Prestel with a BBC Micro in the U.K. in the early 80s - he's now a CISO and author of "Making Sense of Cyber Security" (Manning) and "Data Driven Cyber Security" (NVIDIA). Tom has built high performance cyber security teams for global companies, consultancies, and government departments, as well as advised executives and company leadership on how to change their hiring process to attract the best and retain the best security talent. This interactive workshop will help you turn job interviews from nerve-wracking gauntlets to casual conversations that land you the job - or help you avoid the jobs you don't want. Whether you are trying to get your first cyber security job, or are looking to progress your career, this workshop will help you, by working through:

  * How to spot and fix common mistakes on CVs/resumes.
  * How to showcase your skills and experience.
  * Common interview techniques, questions, and how to respond.
  * How to negotiate salaries and compensation.
  * Employer red flags: weeding out the bad gigs.

This will be a practical workshop, so expect lots of participation and engagement: please bring something to write with, a printed copy of your CV, and lots of questions!

Workshop A
17:00
50min
Tracking Android Malware and Auditing App Privacy for Fun and Non-Profit
Bill Budington

Our devices are a window into our souls, and contain a vast trove of information that is valuable to both data-driven big business and hackers alike. On the surface, a popular social media app promoted on the Google Play Store and a piece of malware side-loaded onto a device may seem very different. From the perspective of reverse engineers and analysts of Android apps, however, the tools and methodologies are the same. Using a combination of static and dynamic analysis, we can begin to understand the behavior of apps that are installed on our devices, and see exactly what data they are siphoning and sending out.

In this talk, Bill will cover the tools, techniques, and device configurations used to conduct a privacy audit of a popular app or a behavioral analysis of a piece of malware. Drawing from his investigation of the popular Ring doorbell app to his more recent work dissecting a piece of malware which used Tor to discover a command and control (C2) server, this talk will be infused with real-world research and examples of both. In addition, the “apkeep” tool developed at EFF provides a powerful addition to the toolbox for anyone interested in downloading apps from various sources and app markets. Finally, he’ll present a configuration of a single Android device that can do real-time interception of encrypted network communication from apps run on it while on-the-go, which can be useful for when apps change based on location or user behavior.

If your interest is in reverse-engineering Android malware, in auditing the sensitive information which is habitually gathered by ostensibly legitimate data-driven businesses, or just in learning a little more about the world of app analysis, this talk will have something for you.

Little Theatre
17:30
17:30
180min
Travel Hacking Workshop With TProphet
TProphet

Do you have airline miles, bank points, or hotel points? Have a trip you’ve always wanted to take? In this workshop, you can learn how to (legally!) fly for (almost) free. Use the points you’ve earned to take the trip of your dreams for far less than you may expect. Learn how to enjoy luxury travel and even fly “up front” with the rich and famous for as little as $5.60 out of pocket. There’s a catch, though: airlines only give away the seats they don’t think they’ll sell, so you’ll need to think like a hacker. Can you be flexible with dates, airlines, and destinations? Are you willing to consider visiting countries off the beaten path? Come prepared to book right away - great deals don’t last!

Workshop B
18:00
18:00
50min
Designing for Privacy in an Increasingly Public World
Robert Stribley

People are increasingly concerned about their rights to privacy online. As digital designers, we need to be aware of experiences which undermine people's privacy, recognize "dark UX patterns," and learn to design transparent experiences which enable people to understand how their information is being used online. Further, we need to provide them with visible access to privacy tools, as well as reminders to take advantage of them. Robert will discuss privacy issues in detail to draw awareness to them, as well as some simple solutions for combating these issues. Attendees will leave with an understanding of the necessity of "privacy by design."

206 DAC
18:00
50min
Moving Beyond Amazon Self-Publishing Purgatory
John Huntington

Back in 2014 at HOPE X, John did a talk called "A Self-Publishing Success Story" detailing his process moving a book from a publisher to self-publishing on Createspace/Amazon. He had a good run on Amazon, updating the book again in 2017. Then, in 2018, Amazon merged Createspace into its "Kindle Desktop Publishing" (KDP) platform. In 2020, Huntington decided to update several paragraphs in the 475-page book, and this attempt at a simple text change led to his book being stranded in a virtual, dystopian Amazon purgatory. The only reasonable way out was to abandon Amazon KDP altogether. This led to moving everything over to IngramSpark for print copies, Google Play Books for EBooks, and DPD for individually watermarked, DRM-free PDFs.

In this talk, John will discuss the horrors of his Amazon nightmare, successfully moving onward, the self-publishing process in 2022, and the economic aspects of his recent self-publishing experiences.

416 DAC
18:00
50min
Quantum Computing: It’s Not Just Sci-Fi Anymore
Kevin Carter

This talk will focus on the current state of quantum computing, including current infosec and other scientific use cases for post-quantum cryptography, open source and proprietary quantum development toolkits, and information about how to get involved in the quantum computing community. Quantum cloud computing technology will be discussed in depth, and there will be demos of quantum computing systems throughout the presentation.

Little Theatre
18:00
60min
The Polyjuice Potion: A Workshop on Netflow Correlation Avoidance
William Jones

This workshop covers modern netflow correlation and web traffic fingerprinting attacks and countermeasures in practice, with a focus on Tor, i2p, nym, and other publicly accessible anonymity tools. Most of the academic literature focuses on how to perform these types of attacks only in theory. In practice they are difficult to set up and require extensive collaboration between backbone-positioned adversaries. One would hope that these adversaries are careful, accountable, well-resourced, and not beholden to the interests of private corporations. William will first describe the state of the art for these attacks, including netflow correlation, web traffic fingerprinting, active traffic disruption, and throttling. He'll then detail an end-to-end pipeline for legally spinning up a C2 server with full non-attribution, enabled using publicly available infrastructure.

Workshop C
19:00
19:00
50min
Let's Talk: Bioprinting
Xavier Palmer

Are you curious about bioprinting? This talk will cover what bioprinting is, types of bioprinting, ways to practically get into bioprinting, neat use cases, and practical resources on bioprinting. This is an entry level talk that aims to demystify and educate.

206 DAC
19:00
110min
The CFAA Has Come a Long Way, or Has It?
Alexander Urbelis, Joel DeCapua, Jay Kramer

On May 19th, for the first time in nearly a decade, the U.S. Department of Justice revised its guidelines for bringing charges under the Computer Fraud and Abuse Act (CFAA), instructing federal prosecutors to decline prosecutions if the conduct at issue involved "good faith security research." Under these new guidelines, accessing a computer "for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability," if carried out in a way designed to avoid harm to individuals and the public, would not be a criminal offense.

On the books since 1986 - and enacted into law in direct response to the classic hacker flick WarGames - the U.S. Supreme Court and various lower courts have been continually shrinking the once-broad scope of the CFAA, and now DOJ itself has reconsidered the wisdom of its past practices.

This talk will explore the contours of this new policy and how it affects the hacker community, including topics such as:

  * Is this change too little too late, especially since it was an expansive use of prosecutorial discretion that led to CFAA charges against Aaron Swartz in 2011 that tragically led to him taking his own life in 2013?
  * What was the driving force behind this radical policy shift?
  * What binding effects do these guidelines have on U.S. Attorneys' Offices?
  * What counts as "good faith security research?"
  * What does not count as "good faith security research?"

416 DAC
19:00
50min
void loop () - Minecraft as My Musical Instrument
Ramon Castillo

autumnateeverything.com/void-loop/

void loop() is a collection of performances in an elaborate Minecraft world. Audio from the game is routed through Ableton Live for some live looping and other antics. This collection of pieces takes place in the Minecraft void biome. The title is a reference to the biome, the looping techniques Ramon uses, and the Arduino function: the Arduino IDE was used to program a Teensy 3.2 board that a Twitch audience can use to control his Minecraft character. Chat users can enter commands like !left and !right to turn his character at times during the performance.

In addition to using widely available Minecraft mods and resource/data packs, void loop () harnesses the power of Ableton Live and Max for Live for both signal processing and game control. Movement can easily be triggered by elements like MIDI messages or audio envelope following. Furthermore, Ableton Live and Max for Live can be extended using script-oriented objects (ClyphX Pro and node.js), making for an incredibly connected environment.

Finally, the video signal from Minecraft can be processed in novel ways using color keying. Specifically, void loop () turns part of the world into a "green screen." Additional video processing happens in VDMX, a real-time video processing environment with sound reactivity and MIDI/OSC connectivity.

The development of these performances has led Ramon to develop numerous projects with his students at UMass Lowell (UML) that involve Minecraft as an immersive and collaborative musical instrument. In-game logic, scripting, and hackability foster a musically conducive environment where composers and performers can collaborate on highly expressive works. While these projects were created as part of the Contemporary Electronic Ensemble, they led to the creation of UML's Video Game Ensemble where ultimately any game could be used as an instrument.

Little Theatre
19:30
19:30
120min
LED Strips Everywhere for Everyone!
Mitch Altman

Learn how to light up LED strips with a cheap Arduino, and make your life trippy and beautiful! For total beginners - no knowledge needed at all. LED strips have become really cheap. Lots of people have created inexpensive methods of controlling their color and brightness. This workshop shows one way to control LED strips, to make them do what you want. This workshop will use a very cheap Arduino clone. Mitch will show you everything you need to know to use existing programs - as-is or to hack on - to control the colors in your world with LED strips.

Workshop C
19:30
180min
Plausible Deniability and Cryptocurrency Privacy
Michelle Lai, Lane Rettig, Arctic Byte, Ahmed Ghappour

Hackers around the world use cryptocurrencies like Bitcoin and ether every day under the mistaken assumption that these networks are somehow privacy-preserving (often conflating pseudonymity with privacy). This couldn’t be further from the truth, as it is in fact often easier to trace crypto transactions than fiat transactions. Even so-called private networks like Zcash and Monero aren’t failsafe from a privacy perspective. However, with a few tricks and tools, it is possible to preserve privacy on cryptographic networks in a robust way. This workshop will present a brief history of privacy successes and failures in cryptocurrency and blockchain with important case studies. It will also demonstrate tracing and de-anonymization of actual transactions in real time, and will present tools and techniques for guaranteeing strong privacy.

Workshop A
20:00
20:00
50min
From Mind Control to Mind Expansion: Hacking Technology to Rebuild Our World
Javair Ratliff, Geva Patz

It's time for hackers to think bigger and act bigger. We're used to poking at systems and finding the weak spots so they can be patched before things break catastrophically. But what do we do when the system is broken beyond hope of patching? When the magical power of technology that we see and understand so well is co-opted for cheap conjuring tricks for the ends of persuasion and power? When we have a technological infrastructure that supposedly "connects" billions of us to each other, but which, because it struggles to escape the gravity well of these distorting motivations, fails to enable us to effectively support each other even in the face of a global existential threat?

This will be a HOPEful, interactive session where Javair and Geva will take some elements at the edge of today's technology - virtual reality, brain-computer interfaces, AI - and apply the hacker spirit to use them in ways the system never intended, to allow us all to see and act on more forward-moving visions of the future together.

Little Theatre
20:00
50min
Novel Exploitation Tactics in Linux Userspace: One Byte OOB Write to ROP Chain
Sammy Hajhamid

Many of the complex surfaces in the GNU C library, such as malloc or IO, have been thoroughly deconstructed and analyzed to be utilized in exploit chains in Linux userspace. However, one surface, the runtime loader, is yet to be brought to its full potential. In this talk, Sammy will discuss going from one byte out-of-bounds write to a complete ROP chain without IO access and no brute force under extremely restrictive seccomp, without ever needing memory information leaks.

The talk will showcase cutting-edge exploitation tactics in Linux userspace, with a primary focus on utilizing rtld, to pull off exploits that previously - without rtld - were completely inaccessible.

206 DAC
21:00
21:00
90min
How to Submit a GDPR Data Subject Access Request
Giulia Corona, Alessandro Polidoro

The General Data Protection Regulation (GDPR) regulates everybody operating within the European Union and the European Economic Area (even if non-European). GDPR Article 15 gives people the "right of access" to their personal information processed by digital platforms. These platforms must communicate with no delay many precious details regarding how they process personal data, such as purposes of processing, parties with whom data will be shared, and even the logic of their automated decision-making. In this workshop, participants will learn the best strategies for submitting Data Subject Access Requests and countermeasures for most common elusive replies. DSARs have often been used by the non-profit Tracking Exposed (tracking.exposed/), who foster digital rights and algorithm accountability. Also of great support is the presenters' Guardoni tool, which allows users to double-check if the information received matches that provided by digital platforms.

Workshop B
21:00
50min
Just Enough RFID Cloning to Be Dangerous
Gabe Schuyler

We've all boasted, 'those things are so easy to copy', but how sure are you? The devil is in the details, and those details are strewn across the Internet in blog posts, readme files, and members-only forums. Gabe will quickly show you the basics of cloning house keys and hotel cards, and where to go from there.

206 DAC
21:00
110min
Masking Threshold
Johannes Grenzfurthner

Conducting a series of experiments in his makeshift home-lab, a skeptic IT worker tries to cure his harrowing hearing impairment. But where will his research lead him? Masking Threshold combines a chamber play, a scientific procedural, an unpacking video, and a DIY YouTube channel while suggesting endless vistas of existential pain and decay. Glimpse the world of the nameless protagonist in this eldritch tale, which is by no means for the faint of heart.

A discussion and Q&A with the filmmaker will follow.

Little Theatre
21:00
60min
Tilted Axes

Music for Mobile Electric Guitars is an ensemble of guitarists and percussionists led by composer and performer Patrick Grant. The musicians perform original music untethered via portable mini-amps strapped over their shoulders. The project takes on aspects of spectacle informed by the tradition of urban street bands, avant-garde theater, and ancient music. It takes music out into the world and seeks transformative situations meant to change the community conversation.

Other
22:00
22:00
50min
Practical Steps to Improve Privacy
Michael McMahon

After having an in-person private conversation, have you noticed your search results and advertisements mimic the private discussion you just had? Privacy is not the default anymore. Privacy cannot be bought with a single product or service. As with security, privacy is a disciplined set of guidelines that must be followed for continued protection.

In this talk, Michael will present concrete steps that can be taken to increase the privacy and security of everyday computer usage. Topics will include levels of protection, operating systems, handling passwords, customizing web browsers, and Internet communication. You will be encouraged to push back against bulk surveillance by replacing proprietary products with alternatives through software freedom and to share the tips you will learn in this talk with your friends.

206 DAC
22:10
22:10
50min
Hacker Karaoke
Dr. Greg Newby

This is Karaoke with a hacker theme! Participants will give a live performance consisting of hacker-oriented lyrics, set to a song from a standard Karaoke library playlist. Visuals, backup singers, and costumes are welcome but not required. A panel of judges will award points for:

  • Lyrics (hacker-oriented topic, lyrical quality, originality...)
  • Performance (energy, flair, dance moves, diction...)
  • Visuals (optional backing video, costumes, backup performers...)

Winners will be given recognition, bragging rights, and perhaps a prize. Songs should be under approximately 3 minutes. Sign-ups will open at the start of HOPE.

416 DAC
23:00
23:00
60min
Ohm-I
Ohm-I

nerdcore rap

416 DAC
00:00
00:00
60min
Frae-Frae
Frae-Frae

An electronic that will travel through sounds of prayer, protest, and peace.

416 DAC
01:00
01:00
60min
Autumn Ate Everything
Ramon Castillo

Autumn Ate Everything is a collection of creative performance projects that involve everything from hardware building to immersive Minecraft world building. At the core of the project is a system of expressive live-looping that I have been building since 2011.

416 DAC
02:00
02:00
60min
casualFriday DJ Set
casualFriday

High energy mix of 90s/2000s throwback electronica with a few originals. Vibe like you just watched Hackers and stayed up all night in IRC.

416 DAC
10:00
10:00
50min
Hack the Planet... Step 1, Step 2, Step
Tom Brennan, Joaquin Paredes

Penetration testing has existed as a cyber security assurance activity for many years. Although frequently used, the phrase lacks clear definition and is often misunderstood. For many individuals, phrases such as security auditing, penetration testing, vulnerability analysis, ethical hacking, and red teaming all mean the same thing.

CREST has been accrediting penetration testing companies since 2006 and by the end of 2021, it had assessed more than 250 organizations that deliver penetration testing services around the globe. During this time span, the expectations around what a penetration test is have evolved. In parallel, the toolsets, platforms, and delivery methods that can be used to provide penetration tests have changed significantly. Over the past 15 years, the number of organizations across the globe that procure penetration tests has increased markedly and, accordingly, it is CREST's considered opinion that there is increased need to define a set of minimum expectations that should be associated with a penetration test.

This session will shed light on the snake oil in the industry. War stories will provide suggestions on how to work in the industry and help you be commercially defensible.

Little Theatre
10:00
360min
Kubernetes Security: Learn by Hacking
Andrew Martin, Francesco Beltramini

Learn how to attack, exploit, and hack Kubernetes clusters and application workloads. In this workshop, attendees are set loose on a series of vulnerable clusters in a competitive and collaborative capture the flag. Full methods, solutions, and vulnerabilities are revealed, along with actionable mitigation steps to enhance a cluster's security and lock down common misconfigurations. It is an entertaining and frenetic experience designed to develop the kind of expertise only realized in production environments. Emphasis is placed on collaboration and communication, which are key to unlocking some of the advanced flags. Previous experience with Kubernetes is required.

Workshop A
10:00
60min
Learn to Solder With BiaSciLab and Girls Who Hack! 2 of 3
BiaSciLab

In this workshop, you will learn the basics of soldering by assembling the Girls Who Hack soldering kit! This class is aimed at kids (younger ones will need adult supervision), but adults are welcome as long as they make room for the kids. Kits are available for $10.

Workshop C
10:00
50min
Open Source RF Experimentation
Steve Bossert, Joe Cupano

In a world of more software defined radio (SDR) projects and more open source hardware (OSH) projects, there are many ways in which RF spectrum can be exploited via receive-only projects or those making use of licensed or unlicensed spectrum applications. This presentation will cover trends for SDR and OSH worth thinking about, along with specific hand-picked examples of projects that both Steve and Joe are very excited about (and why).

416 DAC
11:00
11:00
50min
An Engineer's Guide to Linux Kernel Upgrades
Ignat Korchagin

The Linux kernel lies at the heart of many high profile services and applications. And since the kernel code executes at the highest privilege level, it is very important to keep up with kernel updates to ensure the production systems are patched in a timely manner for numerous security vulnerabilities. Yet, because the kernel code executes at the highest privilege level and a kernel bug usually crashes the whole system, many engineers try to avoid upgrading the kernel too often just for the sake of stability. But not every kernel update is dangerous: there are bugfix/security releases (which should be applied ASAP) and feature releases (which should be tested better). This talk tries to demystify Linux kernel releases and provides guidance on how to update your Linux kernel safely and in a timely manner.

206 DAC
11:00
120min
Irradiant Waves Program (3 of 6)
David Goren

“Irradiant Waves: Tracing Neighborhoods in the Sky” is a transmission art installation designed to evoke New York City's vibrant and transgressive unlicensed FM radio soundscape in a contained space. Often called pirates for using radio spectrum without a government approved license, these underground stations are a grassroots phenomenon going back over 25 years.

Other
11:00
50min
Nikola Tesla's Predictions Today
Ed Wilson, Jeffrey Velez, Douglas Borge, Dr. Bryan J. Field

Explore the predictions of science visionary Nikola Tesla and where they stand today in this interactive discussion with staff of the Tesla Science Center at Wardenclyffe. This presentation will delve into Tesla’s prescient ideas and futuristic inventions, some of which were so far ahead of the time in which he lived that they were often dismissed and only today are realizing their potential. The talk will include an update on Wardenclyffe, Tesla’s only surviving laboratory, with an exclusive look at what the future holds.

416 DAC
11:00
50min
Right to Repair - You Should Have the Right to Fix What You Own
Louis Rossmann

In this talk, Louis will share his experiences of showing manufacturers, such as Apple, that it is possible and desirable for their customers to repair their own devices. After years of creating repair how-to videos on his YouTube channel, he decided that he wanted more people empowered to repair their devices, rather than replace them with new ones - with the old ones becoming toxic waste in landfills. After years of seeing manufacturers fighting hard to keep people from having the right to repair their own property, Louis decided to fight back and become involved with Right-to-Repair, which has, over time, become a movement, with the very real possibility of becoming law. This talk will show you how worthwhile - and fun - it is to repair what you own!

Little Theatre
11:30
11:30
120min
Eyecillator: A Small Yet Surprisingly Complex Little Light-Sensitive Noise Maker
Travis Johns

Meet the Eyecillator, a small DIY tabletop opto-synthesizer for musicians, STEM evangelists, and other weirdos, brought to you by the folks at VauxFlores. Technically speaking, it's a four-oscillator, cascaded NAND opto-synth with controls over pitch and voltage sag, as well as the addition of a third control over the frequency of a misappropriated telephone chip that acts as a strange filter of sorts. Non-technically speaking, it's a chirpy sound thing that kind of sounds like that motorized garbage can robot from that one space movie... but with a drug problem - and you get to build one yourself! Even better, for this workshop, no prior electronics experience is needed and, yes, you get to keep this synth at the end of the day. As is tradition, we strive to keep things casual, informative, friendly and safe - so feel free to bring a snack and a story and let's build and be friends.

Workshop C
12:00
12:00
50min
Breaking 19th Century Encrypted Newspaper Ads With Modern Means
Elonka Dunin, A.J. Jacobs, Klaus Schmeh

In the 19th century, encrypted newspaper advertisements were a common method of communication. They were used to transmit everything from love messages and business information to family news. Publication in a newspaper ensured that a message could be received anonymously and virtually everywhere, even by people on the go. Encryption ensured that (at least in theory) only the intended recipient could read the note. The three presenters of this talk have collected hundreds of encrypted newspaper ads from the 19th century from England, France, and the United States. Some of these ads are unique while others form series of messages, the longest of which includes over 50 advertisements published over several years. Some messages were solved quickly, some are still being solved today, and others remain unsolved.

To solve ciphertexts of this kind, modern codebreaking tools can be used, such as the open-source software CrypTool 2 or the free online service dCode.

This talk presents the most interesting newspaper ads from the lecturers' collection along with the background stories. It is shown how these messages can be broken with modern algorithms implemented in free software tools. In addition, some of the toughest unsolved advertisements are introduced and potential solution approaches are explained.

Little Theatre
12:00
50min
COVID Making: From Cyber Pantries to Cyber Glasses
Matt Desmarais

This talk will describe how Matt developed Internet of Things (IoT) devices for his work at a community pantry, as well as an affordable wearable computer. He will talk about how hackers have an opportunity to improve their own communities by applying their skills towards local services. Matt will also talk about how open source hardware removes barriers to innovation and implementation.

The COVID crisis was/is a great opportunity to make a better world from the comfort of your own home or local food pantry. The hunger crisis is a major issue that is going to get worse. Food pantries will need hackers' help if they want to thrive in such situations: they need client databases, IoT infrastructure, and volunteers willing to do the job. There are better (COVID friendly) options; they just have to be made. Open source hardware has gotten to the point where you can do almost anything.

206 DAC
12:00
50min
Hacking Local Politics: How We Banned Facial Recognition in Minneapolis
Munira Mohamed, Chris Weiland

The lines between technology and society are becoming blurred to the point of nonexistence. The software we build oftentimes has more impact on the day to day lives of ordinary people than the laws passed by local governments. For reasons both practical and moral, it is becoming increasingly important for those of us with technical expertise to become more involved with the political process.

But if we want to move beyond armchair activism, we need to understand the system we are trying to hack. Drawing on the panelists’ recent experiences with passing an ordinance banning the government’s use of facial recognition in Minneapolis, and their work creating the Safety Not Surveillance Coalition, this presentation will offer concrete steps on how you can transfer technical expertise into effective political change.

416 DAC
13:00
13:00
50min
Defensive Computing
Michael Horowitz

The focus of the tech press has always been on the sky falling. The disaster of the day makes for great headlines, defending yourself does not. When defensive advice is offered by the press, it is typically the same old thing over and over. This talk will not round up the usual suspects. For example, when it comes to VPNs, Michael will cover features to look for that the tech press has never mentioned, along with multiple ways to verify that a live VPN connection is functioning correctly. One of the best ways to avoid being tracked and spied on is DNS, so he will cover DNS starting with an overview of legacy vs. encrypted DNS, then ways to test your DNS environment and NextDNS. Anyone who understands the rules for domain names cannot be fooled by scam websites, so both the rules and common scammer naming tricks will be covered. You will see how the concept of a secure website is, in many ways, a scam. A new approach for dealing with passwords will be suggested.

Defensive computing is not security. This talk is not about software bugs or vulnerabilities. In general, it is for non-techies, but techies are sure to get something from it and their input will be most appreciated.

If time allows, other topics on the agenda will include: Chromebooks, router security, locking mobile apps, Gmail, banking, creating multiple email addresses, and keeping important medical information on a cellphone.

206 DAC
13:00
50min
How to Run a Top-10 Website, Publicly and Transparently
Kunal Mehta

Wikipedia is the only top-10 website that is operated by a non-profit, but more importantly, runs fully transparently. Literally anyone can view detailed monitoring graphs for individual services and servers, see alerts fire in real time, and watch as engineers deploy code and debug problems live. It's not a one-way street. Participation from volunteers is encouraged and welcomed, with the Wikimedia Foundation giving out server access to trusted volunteers, allowing them to view private logs and deploy changes. Even amongst smaller or other non-profit/public interest websites, this level of transparency and openness is really unheard of. Yet it is key in what has made Wikipedia such a force for good and, really, the Internet a better place. This talk will discuss the advantages and disadvantages of running a website in this way, including looking at case studies where this level of transparency enabled volunteers to provide key insights that fixed bugs and outages, saving the day.

416 DAC
13:00
50min
Unpickable But Still Unlockable: Lock Bypass Tricks in the Field
Bill Graydon, Karen Ng

Physical red-teams rely heavily on nondestructive bypasses when doing vulnerability assessments: under-the-door tools, latch-based attacks, climbing through vents and around walls and fences. But how well do these techniques actually work in the field - when time is of the essence and it's not in a controlled training environment? This talk will focus on a plethora of real life successes, failures, and lessons learned for how to make these techniques work in practice. Karen and Bill have talked extensively about the mechanics of lock bypass in the past - most notably at the Bypass 101 sessions Karen gives with the Physical Security (formerly Lock Bypass) Village. They will recap the fundamentals of each technique here too - but now you'll get to learn from their years of experience in what actually works.

Little Theatre
14:00
14:00
60min
A CRI for HOPE: Cyberminds Research Institute Teaches Avoidance of Being a Social Engineered Victim
Dr. Frederick L. Hicks, Dr. Tina Honey, Dr. Alexis Perdereaux-Weekes, Dr. Edvard Joseph, Dr. Lisa J. Knowles, Dr. Natalie Foster Johnson

Many individuals feel after a pandemic that there's no hope. Cyberminds Research Institute (CRI) is of a different opinion. Cyber-criminals attack those who are distracted with other life events. From the shadows of these attacks comes light and opportunity. HOPE evolves from the knowledge gained after cyber-attacks occur. After the pandemic and now a near recession, cyber-criminals are enthusiastically attempting social engineering related to lower gas prices, rent relief, mask mandates, free vaccines, bogus shot cards, and free COVID-19 funds. This offers new avenues of cyber-attacks where organizations and individuals are easy targets due to the distractions of a post-pandemic climate. This workshop focuses on social engineering, teaching and learning as a result of banally successful cyber-attacks, and the hundreds of unsuccessful cyber-attacks. Leave with hope and a technique to successfully avoid social engineers attempting to diminish hope for a safe cyber tomorrow.

Workshop B
14:00
110min
A New HOPE Keynote and Q&A with Sophie Zhang
Yan Zhu, Sophie Zhang

Facebook whistleblower Sophie Zhang will share insights, in discussion with Yan Zhu.

Sophie became a whistleblower after spending two years and eight months at Facebook, personally catching two national governments using the service to manipulate their citizens, and also revealing some troubling decisions made by Facebook. In addition to this discussion with Sophie, Yan also ran the Q&A with Chelsea Manning at The Circle of HOPE in 2018.

416 DAC
14:00
50min
How Do MRI Machines Work? An Introduction to MRI and Open Source Imaging
Douglas Brantner

Superconducting, cryogenically cooled, terrifyingly strong magnets, bordering on perpetual motion; radio frequency (RF) coils big enough to crawl inside; fast switching, high power amplifiers to create hazardous levels of robot noises (and also flip around some magnetic fields). All in one giant Faraday cage. This talk will give a broad overview of the various technologies at work in a magnetic resonance imaging (MRI) machine, as well as highlight some of the work of the OpenSourceImaging.org community.

206 DAC
14:00
110min
Keynote simulcast

Remote viewing of the Q&A with Sophie Zhang. Attendees will be able to send questions via live chat.

Little Theatre
14:30
14:30
210min
Arduino for Total Newbies
Mitch Altman

You've probably heard lots about Arduino. But if you don't know what it is, or how you can use it to do all sorts of cool things, then this fun and easy workshop is for you. Arduino is an amazingly powerful tool that is very simple to learn to use. It was designed so that artists and non-geeks could start from nothing and make something cool happen in less than 90 minutes. Yet it is powerful enough so that uber-geeks can use it for their projects as well. This workshop is easy enough for total newbies to learn all you need to know to get going on an Arduino. Participants will learn everything needed to play with electronics, learn to solder, and learn to use a solderless breadboard to make a TV-B-Gone remote control to turn off TVs in public places - a fun way to learn Arduino (and electronics) basics.

Workshop C
15:00
15:00
50min
Secure Cell Phone Communication: Mission Accomplished or Popular Delusion?
Dr. Nick Germaine

Attempts abound to manufacture and market mobile phones wherein data generated by or about users cannot be captured by outside entities. To date, however, no large body of secure cell users exists in a manner that competes with the major cell providers, despite experimentation with a wide spectrum of technologies - and what prospects exist are more advanced in the European Union than in the United States. To address prospects of secure cell communication, the range of present technological advances and drawbacks experienced by hardware developers will be outlined. Brief analyses of the best prospective/active networks and the drawbacks faced by less successful developers will be provided. In sum, this talk will provide a working update on the prospect of access to this crucial technology.

206 DAC
16:00
16:00
50min
Executive Order 14028 and Zero Trust Architecture - Now We Must, But What It Means?
Harri Hursti

The President's executive order on "Improving the Nation's Cybersecurity" (14028) issued on May 12, 2021 started a process, which was followed on January 26, 2022 by a "Federal Strategy To Move the U.S. Government Towards a Zero Trust Architecture." This calls for wide cooperation between government, public, and private sectors. The executive order also calls for "enhancing software supply chain security" with an emphasis for which open source software would be the most reasonable solution. In response to the recent war in Ukraine, major governments have asked the private sector to "shield up," increasing the urgency of adaptation in the private sector - and recent successful penetrations of critical systems overseas should be seen as a foreshadowing of things to come.

Zero Trust is a journey, and an over-hyped term. What does it mean in this context? The cornerstone these implementation requirements are built upon is "identity management," not only for humans, but also for devices, instances, and services. "Once in a million" used to be a moniker for acceptable risk, but with the velocity of business and the volumes that transactions have reached, it may translate to seconds instead of years. And the elephant in the room: How do we manage identities without sacrificing privacy?

Little Theatre
16:00
180min
Irradiant Waves Program (4 of 6)
David Goren

“Irradiant Waves: Tracing Neighborhoods in the Sky” is a transmission art installation designed to evoke New York City's vibrant and transgressive unlicensed FM radio soundscape in a contained space. Often called pirates for using radio spectrum without a government approved license, these underground stations are a grassroots phenomenon going back over 25 years.

Other
16:00
50min
Leaks and Hacks: Four Years of DDoSecrets
Lorax B. Horne, Freddy Martinez, Emma Best

Distributed Denial of Secrets has published more than 70 terabytes of data since launching in 2018. The transparency collective formed to capture the data released by hackers and leakers, and to keep documents of historical importance available to journalists and other researchers.
DDoSecrets has since become a stable repository for many sorts of archives, despite pushback and censorship. During Russia’s war on Ukraine, hacktivists took a special interest in Putin’s sprawling bureaucracy, exfiltrating reams of records from the erstwhile insular country. With their mission and experience publishing data like Blueleaks, DDoSecrets was well-placed to archive the informational spoils of the cyberwar.
They believe that data can only be a part of the story, so they rely on the public to examine their datasets in detail. They have made mistakes along the way. The project is a work in progress. They want their existence to provide inspiration for future leaks publishers, and hope for sources. Come to hear them discuss the strategies that they’ve seen work.

416 DAC
16:00
50min
The Ransomware Protection Full of Holes
Soya Aoyama

In the fall of 2017, after the WannaCry outbreak, Microsoft implemented ransomware protection in Windows 10 to counter it. The basis of this ransomware protection was "controlled folder access," which is a feature full of holes and various flaws pointed out by many researchers. However, Microsoft says that controlled folder access is the defense-in-depth security feature and is not subject to bug bounty. In 2021, Forbes published an article about ransomware protection of Windows 10 being effective for protection. To show that the article was wrong, Soya decided to recheck previous research on how to inject File Explorer with the latest Windows 10, then found that Microsoft had secretly fixed it. Frustrated, Soya started investigating to see if there were any other holes in the ransomware protection and, as a result, found a way to bypass the ransomware protection in a very silly way. It was possible not only on Windows 10 but also on Windows 11.

In this talk, Soya will review the previous bypass method and present a new ridiculous bypass method, as well as remote attacks using other vulnerabilities along with demonstration videos. This is so simple that anyone can easily imitate it. (However, be sure never to create ransomware with this technique.)

206 DAC
16:30
16:30
60min
Models for Community Curation
Aziz Isham

How can we build local networks that curate, support, and incubate arts and creativity? What funding models exist to help us do so? What are the technical tools that we can utilize to make more community arts networks possible? What innovations can allow such networks to form and flourish? In this workshop, you will learn new ways to organize around community curation, from the traditional (grants and donations, fiscal sponsorship) to the experimental (NFTs and collective actions). Artists, creatives, writers, nonprofits, academics, and arts organizations should bring ideas for practical and/or radical ways to support, organize, fund, and fundraise.

Workshop A
17:00
17:00
180min
Cole Fortier plays piano
Cole Fortier

Through piano and vocals, Cole Fortier will perform three different setlists showcasing his diverse musical interests and abilities. Two of the sets will feature covers of famous soulful songs from the 60's, 70's, and 80's. These sets will also blend together his own original music. His music fits within the pop/soul/soft rock stylings of the covers while also incorporating influences of theatre, jazz, and classical music. One of his three sets will showcase an epic extended instrumental piano improvisation!

Other
17:00
50min
How Hip-Hop Can Inspire the Next Generation of Tech Innovation
Manny Faces

Hip-hop is a world-class disruptor. It has transformed music, popular culture, fashion, business, and advertising, creating (and upending) massive industries in its wake. This talk explores the enormous innovative potential hip-hop music and culture continue to exert across multiple fields and disciplines including science and technology, education, health and wellness, politics and activism, journalism, fine arts and... well, everything.

Little Theatre
17:00
50min
Mad as Hell: Is There an End to Subversion?
Johannes Grenzfurthner

We (almost) made it through a pandemic abyss, the Trumpian "fake news" wars, right wing QAnon trollery, and pathos-laden political truthiness. As a provocateur, political artist, and activist, Johannes asks the simple question: What is there still to be done? How can there be subversion in a world that is hellbound on waging war with rationality? Is there still a potential in radical pranks and stunts in a mediaspace that is built on spectacle? What can really be done if you are (to quote a 1970s classic) mad as hell, and you are not going to take this anymore?

416 DAC
17:00
50min
Right to Repair: Fixing the DMCA and Legalizing Tinkering
Kyle Wiens

You gotta fight! For your right! To fix and tinker with your stuff! But the evil Section 1201 of the DMCA still stands in your way. Kyle will lead a discussion on the latest efforts to fix that, from the leader of the coalition that passed Right to Repair in New York and is crusading for fixer rights everywhere.

206 DAC
18:00
18:00
50min
Beyond the Digital Nomad: Finding Refuge and Building a Life
Elior Sterling

In this talk, you will learn about realistic options for moving to another country, getting work permits, residency, or even a second citizenship no matter what your current citizenship may be. You'll also learn about organizations that are already helping vulnerable groups find refuge in other countries. Elior will talk about finding your "points of privilege" and taking advantage of them for your own safety and that of your loved ones. You'll leave with links and keywords to help you research safe locations, visa requirements, and work opportunities.

206 DAC
18:00
120min
Hands-On Introduction to Apache Beam (Any-Scale Data-Processing)
Austin Bennett

Apache Beam is an open source unified model for defining data processing pipelines (Batch and strEAM), which allows you to write your pipeline in your language of choice and run it with minimal effort on the execution engine (ex: Apache Spark, Apache Flink, Google Cloud Dataflow) of choice. In this practical session, you will get hands-on experience writing Beam pipelines, as well as learn about the fundamentals of the Beam programming model and SDKs (ex: Python, Go, Java). Also, Austin will be open/available to talk use-cases and more.

Workshop A
18:00
50min
Online Operations for Protests and Pranks: How to Get the Truth Out Without Getting Shut Down
Jim Haugen, Sam Peinado

As the Internet centralizes, it gets harder to keep sites up that disrupt corporate power. In 2020, several members of climate activist group Extinction Rebellion took their street-based disruptions online, to get the attention of big companies that were contributing to climate collapse. They adopted the tactics of prankster/activists The Yes Men. They began with a viral pseudo-announcement from Google regarding their funding of climate-denying lobbyists. The activists recently went after a refinery project in Wisconsin, resulting in dozens of articles and TV news stories. These activities and other similar online protests invite takedowns galore from target corporations. This presentation will explore learnings for keeping a site up and maximizing impact in the face of legal complaints and takedown requests targeting domain registrars, Internet service providers, email service providers, and social media networks.

416 DAC
18:00
50min
Project MKULTRA Cracked: Declassified CIA Brain Warfare Research Indexed by Academic Publications
Josh Patrick "Peon" Paulton, Alannah Clamp

Project MKULTRA has become a modern mythology about the creation of mind controlled agents called Manchurian candidates. Misinformation and disinformation have obscured the project's research, which was to understand the security of humans' mind/brain in brain warfare. The modus operandi was "research and development of materials capable of producing behavioral or physiological change in humans." From 1953 to 1964, witting and unwitting researchers performed 149 sub-projects covertly funded through cutouts at 86 North American institutions. In 1975, Project MKULTRA was declassified. The controversial human experimentations were reviewed by U.S. President Ford and the U.S. Congress, but in 1973 CIA Director Helms had the records shredded.

The method to crack Project MKULTRA sub-projects' identities using open source intelligence is detailed in this presentation. First, redacted indexes from the congressional review organize the large declassified CIA data-set of surviving financial records. Next, society documents from cutout granting agencies trace funding from Project MKULTRA sub-projects to researchers. Then, funding acknowledgments to cutouts in academic publications reveal a complete research cycle. Finally, a cracked index of Project MKULTRA sub-projects shows confirmed, and unconfirmed but known, participant identities.

The cracked index's percentage of completion is analyzed against indexes from The Search for the "Manchurian Candidate" by John Marks in 1978 and The CIA Doctors by Dr. Colin A. Ross in 2006. An art infographic displays the sub-projects' identities and academic publications. The cracked index produced through acknowledgments to cutouts shows an accurate history of brain warfare research and development in Project MKULTRA, different than the modern mythology.

Little Theatre
19:00
19:00
240min
Analyzing Android Malware - From Triage to Reverse Engineering
Vitor Ventura

Android malware has become prevalent across the landscape. In this workshop, Vitor will provide hands-on reverse engineering techniques for Android malware. This workshop is designed to provide the participants with different approaches to malware analysis, so that they can perform their own analysis without the use of automated tools. When everything else fails, knowing how the tools work under the hood provides the necessary knowledge to bypass the problems encountered. The attendees will learn, by doing it themselves, how to bypass the most common techniques used by malware to prevent analysis. The objective is that the attendees understand how they can use techniques like instrumentation and patching to help them analyze and bypass malware defenses when the automated tools fail, while using only free and open source tools.

Workshop B
19:00
50min
Combating "Ransom-War:" Evolving Landscape of Ransomware Infections in Cloud Databases
Aditya K Sood, PhD

The attackers are targeting cloud databases used for modern applications to subvert the integrity and confidentiality of the stored data. Databases, including MongoDB, Elasticsearch, etc., are being infected with ransomware and exploited in the wild to conduct data exfiltration and data destruction. This talk will present a threat landscape of ransomware and botnet infections in the databases deployed for modern applications. The talk unveils the techniques and tactics for detecting ransomware and botnet infections in the cloud databases by practically demonstrating the detection of real-world infections using developed tools. The audience can use the tools to conduct an efficient security assessment of cloud databases against severe infections. The talk equips the threat researchers and penetration testers to build threat intelligence that can be consumed at a large scale. The audience will visualize real-time ransomware detection in cloud databases, including interesting insights into how these databases are compromised.

206 DAC
19:00
50min
Demand Protest: Manufacturing Truth in a Post-Truth Era
SquareMatrix

Online hoaxes have evolved from the realm of folk tales and anarchic fun to becoming one of the primary weapons of choice in the post-truth world, now used by intelligence agencies, corporate interests, and even hacktivists. This talk will examine the history of online hoaxes and propaganda while dissecting the tools and tactics that have become the modern weapons of political warfare. SquareMatrix will provide a behind-the-scenes anatomical look into the inner workings of Demand Protest, an online political hoax purporting to be a company running large-scale paid protesting and public influence operations. This project briefly captured conservative media’s imagination in the run-up to the 2016 election and ultimately forced them to debunk a false narrative about paid protesters that they themselves had created. The tactics and learnings from a hoax that caught the attention of The Washington Examiner, InfoWars, “The Drudge Report,” and Tucker Carlson will all be laid bare by those that perpetuated it. Why leave shaping reality to the bad guys?

416 DAC
19:00
180min
Fabrica de Unicornios Muertos: A Freaky Switched Capacitor Filter Eurorack Module
Travis Johns

Introducing VF's first DIY Eurorack module - the Fabrica de Unicornios Muertos! It's a switched capacitor filter, which is kind of a different beast than your usual techno sweepy-resonance things. Instead, it works harmonically - meaning as you turn the knob, things get freaky. And if those sounds are already freaky, things get freakier. It makes things crunch, chirp, and sputter and once that's over, it lets you in on the sounds behind the sounds. It's also a skiff-friendly 6 hp - always good when adding a touch of flavor without filling up your case. For this workshop, no prior electronics experience is needed and yes, you get to keep this module at the end of the workshop. Some synths will be available for testing, but if you want to share your setup, nothing's stopping it from tagging along to jam the sweet space music once this thing's all buttoned up.

Workshop C
19:00
50min
Proof of Vaccination Technology and Standards
Dr. Greg Newby

The technology and standards behind proof of vaccination credentials (PVCs) will be described. PVCs are implemented as human- and machine-readable documents, suitable for vaccination verification apps. The SMART Health Card standard, which is in use in the U.S. and Canada, will be introduced. Emphasis will include the data integrity and anti-fraud measures included in the technical design and workflow of PVC issuers. Some of these measures will be familiar to HOPE attendees, such as public key cryptography. The talk will also tell the story of how government and industry designed and implemented the PVC, along with the international cooperation that allowed for interoperability among jurisdictions.

Little Theatre
20:00
20:00
50min
Cat-Shaped Hacker Hardware: How I Accidentally Made a Business at 18
Alex Lynd

Education-focused hardware fails to fill gaps of knowledge in niche areas of computer science (like cybersecurity), often begetting compromises in user accessibility. When Alex set out to design the "WiFi Nugget" - a beginner-friendly, cat-shaped development board catered towards cybersecurity beginners - he was faced with unique challenges in creating a platform that brought both ease-of-use and extensibility to users. He wanted a hands-on design that would make it easy for beginners to learn daunting topics like WiFi security and USB attacks through a guided, streamlined interface - while also offering accessible hardware and software modularity.

Striking a balance between both while attempting to successfully bring a niche product to market engendered interesting design problems. Learning to surmount these challenges - in effective interface design, hardware prototyping, supply-chain management, and more - has since scaled this project into a successful startup that creates cybersecurity-focused content around an open-source project, and allows for employing budding makers in the local community to help assemble products.

The current iteration of the Gameboy-esque WiFi Nugget allows beginners to assemble a DIY kit including a screen, D-Pad button interface, multicolor LED, WiFi microcontroller, and 3D printed enclosure. And through (cat-themed) software like the "Nugget Invader," users can learn and test out common WiFi attacks through an intuitive interface while getting reactive feedback via cute cat graphics and a colorful LED indicator. Other software like the "RubberNugget" also allows users to explore hacking techniques such as HID attacks, letting them deploy DuckyScript keystroke injection payloads and more.

The multifaceted WiFi Nugget has been the centerpiece of community workshops, allowing for the teaching of skills in hardware assembly and design, WiFi hacking, Python scripting, and more - and is also fostering the growth of the hacker community by empowering beginners with free, open-source educational content. In this talk, Alex will discuss the challenges he faced in designing a niche, education-focused tool for cybersecurity beginners, and he will outline how his design choices grew this project into a successful startup in six months.

206 DAC
20:00
110min
Hacker Representation Through the Years: A Guided Tour of Hacker Appearances in TV and Cinema
Alex Ivanov, John Dunlap

How did we get here? How did we get to the hacker hoodie? How did we get to the nefarious villain typing through walls of eerie green phosphor?

MrSynAckSter and FakeRussian will take you on a trip through the history of hacker representation, charting the formation of the hacker "character" in the popular consciousness through their representation in film and TV. Starting with early references and moving on to the iconic, the presenters will show how the hacker got their hoodie and how the character was shaped in the popular imagination. You will also get a chance to explore alternate views of hacker representation in film and TV, including obscure foreign movies as well as lesser known works. Hilariously off-base examples are sure to crop up.

Little Theatre
20:30
20:30
120min
Freedom of Information (FOI) Workshop, 2 of 2
Michael Ravnitzky

Public records requests are an important research tool. But for these requests to be effective, you need to know how to make the requests so they have the best chance of success, and to be able to counter obstacles that agencies may throw in your path. This workshop teaches the nuts and bolts of submitting FOI requests to federal, state, and local agencies. Learn how to formulate and submit records requests (even from your phone), and how to overcome stonewalling, delays, unfair fees, and release of records in unhelpful formats. Find out how to tap agency portals to track requests, how to negotiate with agencies on the scope of your request, how to best appeal incorrect agency decisions, and how to seek declassification of classified records. The workshop will offer ample opportunities for Q&A, so bring your toughest FOI questions and real-life examples to learn from.

Workshop A
21:00
21:00
50min
Don't Get Tangled up in Your Cape: Hero Culture as a Negative Force in Cyber Security
George Sandford

Everyone loves a good hero story, except when it provides a foundation for burnout, gatekeeping, intolerance, and creating a toxic culture. This talk explores the origins of no sleep, no downtime, chaos-driven response, and reward systems alongside "superpower" skillsets that act as barriers to entry for many early in career individuals. It examines conditions that value and foster isolation and burnout, and often portray mental health issues as weakness. It provides real-world examples of the impact of "hero culture" as a negative element in the infosec community, including social media communications, adversarial interview processes, and corporate messaging. Lastly, it presents strategies for addressing these concerns and resources for those struggling or wishing to grow beyond the current state of affairs.

206 DAC
21:00
50min
Hackers Got Talent
Jason Scott

Do you have a cool talent or hack? Here's your chance to present it onstage to a large audience of enthusiastic hackers, hosted once again by hacker archivist Jason Scott. Onstage hacks will be judged by a combination of panelists and audience. First place wins a valuable prize!

416 DAC
22:00
22:00
170min
Demoscene 2022: Electric Boogaloo
Inverse Phase

Aspects of an ongoing computer art subculture called the demoscene might just permeate everything you do with computers in one way or another. This scene, dedicated to squeezing every ounce of computing power out of a platform, does so by creating amazing works of art, motion graphics, music, and of course, code. People who once cracked copy protection on games now make music videos. People who pirated software hire artists to decorate their new distributions. What is going on in this scene in 2022? Join Inverse Phase for this talk about how we got here and what we're doing to push the envelope today in algorithmic computer art. (Expect hours of art and music during this late-night presentation.)

Little Theatre
22:00
50min
Medical Devices - Security and Privacy Issues (He's Dead Jim! (not really))
Jim, RNA, Pam

Red Balaclava aka Jeopardy! Jim aka the "Metrocard Hacker" from previous HOPE cons and Off The Hook gives a demo of his cool new medical device. Pam will assist, followed by a demonstration of her own spinal implanted medical device.

NEITHER device shall be hacked during this conference!

RNA will discuss the security and privacy issues inherent in the growing use of medical devices - how they communicate and how they may leak information, where to find instructions to build simple medical monitoring devices yourself - and overall delight you with hard science facts.

Panel -
• RNA, wily PhD who follows the good, bad, and even ugly developments of medical devices, with an eye for preserving privacy and security. She points out that there is no longer any privacy; you should be afraid. Be very afraid.

• Pam, serious hacker. Seriously. InfoSec chick extraordinaire. Reporter of the White House Communication Pager Scandal.

• Jim, aka Red Balaclava, aka Jeopardy! Jim, aka The Metrocard Hacker. Informer of the workings of the MTA's early Metrocard system among other exploits.

• Moderator: Alex Urbelis, Esq.

206 DAC
22:50
22:50
50min
Hacks Poetic
Kirby Stasyna

A Showcase and Open Stage

416 DAC
23:00
23:00
50min
PEnnsylvania 6-5000: A Hacker Farewell to the Hotel Pennsylvania
Sidepocket, xio

The modern public knew it as the Hotel Pennsylvania. The many people who booked rooms there knew it as the dirty decaying building where they got bedbugs that one time. Throughout history it was known as The Statler Hilton, The New York Statler, and the New York Penta. But to mischievous hackers every two years in New York City, it was simply known as home. This talk will be a dissection of HOPE’s former abode as its strange history is examined. Secrets that never saw the light of day until now will be revealed and hacker stories that live in the hard drive of our minds will be shared. Attendees can also come up to the mic and share their stories, grievances, fairy tales, myths, epic yarns, and shocking truths about their own Hotel Penn memories committed to hacker record.

206 DAC
23:40
23:40
60min
RADIO WONDERLAND
jo s h u a

RADIO WONDERLAND pulverizes mass media into little bits that dance.

416 DAC
00:40
00:40
50min
Corset Lore
Tamara Yadao

Corset Lore is the Brooklyn-based, electronic music project of Asian-American composer/musician, Tamara Yadao. She writes electronic, avant-pop in a lyrical and baroque style using vintage Game Boys, synths and vocals. For HOPE 2022, she will perform new material from her forthcoming Fall release, 81 Terpsichore, a concept album based on a futuristic culture obsessed with the uncanny.

416 DAC
01:30
01:30
60min
D3nt
D3nt

D3nt will be performing polyrhythmic noise beats with Ableton. He will also be unveiling the “Chaos Glove”, a custom Bluetooth MIDI controller, whose code and schematics will be shared upon request.

416 DAC
02:30
02:30
30min
more
more

Take a trip through the Jungle (Amen) with noise and some reverse engineered 8-bit sounds. Real low bass and syncopated Sonic Pi driven beats, and propeller based generated sound effects.

416 DAC
03:00
03:00
120min
dj-spock DJ set
dj-spock

dj-spock DJ set will take you to space. Dance, code, hack or just listen to the finest space tunes :)

416 DAC
10:00
10:00
50min
ARTificial Intelligence - How IP Law Handles Machine Creations
Ed Ryan

The development of sophisticated machine learning models in recent years has been pushing into realms of human creativity, and that has implications for patent and copyright law. Can a machine be an “inventor?” Does the machine’s output qualify for copyright protection? The development of the DALL-E and DALL-E 2 systems directly calls the very concept of “creativity” into question, while the former is being actively litigated in courts around the world.

416 DAC
10:00
50min
Hack Cancer: How Hackers Can Help Save 9.5 Million Lives Every Year
karamoon

Cancer is a leading cause of death worldwide, but there’s never been a serious attempt to cure it. We’ll never have a cure for cancer with the current approach. We need something new, a new way of thinking. In this talk, Karamoon will explain what cancer really is, why so many people get it, and why it’s been so difficult to treat. He’ll then give a blueprint for both curing cancer and for scaling the cure, because even the poorest of countries should have access to effective cancer treatments. We can and must cure cancer now. Watch this talk to find out how.

206 DAC
10:00
60min
Learn to Solder With BiaSciLab and Girls Who Hack! 3 of 3
BiaSciLab

In this workshop, you will learn the basics of soldering by assembling the Girls Who Hack soldering kit! This class is aimed at kids (younger ones will need adult supervision), but adults are welcome as long as they make room for the kids. Kits are available for $10.

Workshop C
10:00
50min
Social Steganography: Sending Messages in the Clear for Fun and Nonprofit (Or How I Learned to Stop Worrying and Love Cleartext)
Greg

Much has been spoken about the topic of the "CIA triad" (Confidentiality, Integrity, and Availability), but much less has the topic of non-repudiation been discussed. In this talk, Greg will discuss how the most powerful propaganda is the selective telling of truth as he discusses deploying disinformation techniques developed for use in totalitarian regimes (specifically, a ride on the choo choo from Moscow to Beijing) in his own area code due to a combination of COVID and killer cops. Come to this talk if you want to learn to navigate in a cyberpunk hellscape of hot takes and cold reads so fearless and adversarial, when you're done using your free expression, they'll have to shut down your old scout troop and the Catholic Church that hosted them.

Little Theatre
10:00
150min
The Job Seeker of Information Security - Beyond COVID-19
Tas

This workshop will focus on helping attendees hunt for their next job in the information security world, post COVID-19 and with the understanding of the current job market. You will dive deep into the stages of job hunting, hiring process, and hands-on learning on numerous tools that you can use to help your job hunt, including LinkedIn and Canva. The current cyber security market will be reviewed, along with the skills used on each common position. Tas has already been through this process during COVID-19 and he would like to share the knowledge gained along the way. All the presentation materials and tools will be free and available for participants before their session. Hopefully after this, the attendees' next gig will be right around the corner!

Workshop A
11:00
11:00
50min
Biological Time Hacking
Kenji Larsen

Time is the most valuable asset we have. As biological organisms, our experience and usage of time is often formed by limitations imposed by the biological form. The organism requires energy and matter in several forms. We can only buffer so much of each before replenishment is required. We must eat, drink, breathe, all more or less on the body’s schedule - not one determined by our intent. Delay too long and it becomes an emergency. The body imposes other requirements on waste elimination, cleanup, and processing. This is true of physical matter, but even more so for the body’s most energetic organ - the brain. Sleep can force temporal interruptions for a third of our lives! Delaying sleep can be even more costly later. It is difficult to consume matter while asleep, forcing serial time interruption, further shortening the available useful waking time for us. Sleep mechanisms are now better understood than in recent years. Is it possible to intentionally optimize these biological requirements so that they work well with modern human intentions? This talk explores the mechanisms and components that may be applied to temporal optimizations.

206 DAC
11:00
120min
Irradiant Waves Program (5 of 6)
David Goren

“Irradiant Waves: Tracing Neighborhoods in the Sky” is a transmission art installation designed to evoke New York City's vibrant and transgressive unlicensed FM radio soundscape in a contained space. Often called pirates for using radio spectrum without a government approved license, these underground stations are a grassroots phenomenon going back over 25 years.

Other
11:00
50min
Shoplifting on a Budget: Exploring Bypasses for Retail Security Tags
MakeItHackin

Shoplifters vs. security. In this talk, you will learn how to think like a criminal... and about retail loss prevention. Stores deter theft using Electronic Article Surveillance (EAS) devices, which include clothing ink tags, security boxes/wraps, and labels. This talk will cover EAS basics, demonstrations of functionality, and bypasses of several device types.

Audience members may volunteer to participate in the 'Catching a Shoplifter' challenge to see if they can bypass EAS devices without tripping the alarms. Hackers will enjoy EAS bypasses due to the similarities between wireless hacking, lock-picking, and lock-bypassing. This also provides security awareness for loss prevention and C-level decision makers when selecting theft deterrents of this nature.

Little Theatre
11:00
50min
Using Security Automation to Organize Your Cyber Threat Intelligence Knowledge
Andrew Ku

Enterprise security tooling is expensive. Enterprise intelligence tooling is expensive. Enterprise cyber threat intelligence tooling doesn't have to be. OpenCTI is an open source comprehensive platform that allows organizations to manage, structure, store, organize, and visualize their cyber threat intelligence knowledge and observables. It uses a modern tech stack built on NodeJS, Python, GraphQL, Elasticsearch, RabbitMQ, and Redis. It boasts a bustling community that provides active support to newcomers and encourages contributions from the experienced. It currently possesses the ability to import, enrich, and funnel data to/from 50+ common household names in security products!

This talk will outline how the platform can be deployed, scaled for high availability using cloud native strategies, and utilized by strategic and technical cyber threat analysts at any seniority level. The talk will also touch upon how security automation fits in the grand scheme of things to compound the operational work by other security teams.

416 DAC
11:30
11:30
60min
How to Start Contributing to Open Source: Examples From the Apache Software Foundation and Beyond
Austin Bennett

Open source software sounds great to use, and hopefully even better to contribute to! This session will discuss and demystify the various ways to get involved with open source software, with notable examples taken from within the Apache Software Foundation, though this session will speak to the larger ecosystem more generally.

Workshop C
12:00
12:00
50min
Cast-Away: A DIY Platform for Video Capture, Automation, and Various Antics
Adam Tannir

Inspired by existing projects (and some cable company shenanigans), this venture seeks to develop a few tools to assist in the capture and analysis of analog recorded and digital broadcast video sources. Currently dubbed Cast-Away, the system is designed to provide remote monitoring of live video, a bit of computer vision, and to reduce a few headaches involved with elder media through automation. Utilizing available off-the-shelf parts, the goal is to provide a low-cost and accessible solution that can also be a useful starting point for others to build on. This effort is a work in progress.

206 DAC
12:00
50min
Electronic Warfare on a Budget of $15 or Less
Lucas Rooyakkers

You are constantly being irradiated by a plethora of gadgets and gizmos firing photons through your body every second, so why not figure out how to read those airwaves?

Learn to, on a $15 budget: plot the flight paths of dictators; stingray your own phone; track the movements of fishing fleets; listen to the local taxi dispatch; find signal from outer space and other radio astronomy; read airline pilots' text messages; get pinged when pager messages are sent; hack Wi-Fi (but with an SDR); communicate via shooting star (really); and much, much more!

416 DAC
12:00
50min
Quiet! How Local-First Software Can Keep Remote Teams Safe and Unlock a New Wave of Software Freedom Activism
Holmes Wilson

The pandemic pushed more groups than ever into using online collaboration tools, but for many these tools are not safe. This talk proposes a way to improve that situation, as well as a newish approach to building such tools that could be the basis for a new era of the free software movement.

First will be a demo of Quiet, a Tor-based, peer-to-peer team chat app that is familiar and usable, but doesn't require trusting a corporate cloud, bringing one's own server, or using a friend's server. In Quiet, team member devices connect directly to each other over Tor onion services and sync data using a CRDT. (And it works well!)

Second, Holmes will show how this "sync directly over Tor" approach is generalizable beyond chat apps and can be used to build secure, autonomous alternatives to a broad class of collaboration tools that currently depend on some sort of cloud, such as Google Docs, Basecamp, Trello, Asana, Figma, 1Password, LastPass, and so on.

Finally, there will be a survey of the growing movement of thinkers and builders (sometimes calling themselves the "local-first software movement") who see a path to making this private and secure alternative approach to software even easier for small teams than building federated or cloud-dependent apps, and you will hear a rousing case for why developers and early adopters should join this awesome movement. (Spoiler: because by joining this movement you can advance the privacy and security of groups doing sensitive work right now, while at the same time laying the groundwork for a better way to make software in the future that would give all users more privacy, security, and control.)

Little Theatre
13:00
13:00
50min
Hackers Can Help: Open Technical Problems in Investigative Journalism
Brandon Roberts

Hackers and programmers are an incredible pool of talent capable of facilitating meaningful change. Brandon has talked to many people who, in the pursuit of journalistic action, build things that either already exist or aren't actually useful. This talk will cover real-world and unsolved technical problems journalists face that, if solved, would benefit and enable many investigative projects. You'll become familiarized with the general process of data journalism and explore practical ways for people to get involved, using their technical skills at the local level.

206 DAC
13:00
50min
How to Bargain With a Black Box: Hacking a Path to Data-Driven Organizing
Dan Calacci

Workers across the world are increasingly subjected to data-driven and algorithmic management, where digital tools influence and define their working lives. As traditional employment relationships break down, these tools are increasingly filling the gaps. How can workers fight back? In this talk, Dan highlights several recent projects that leverage worker-owned data for organizing campaigns, using tools developed in collaboration with workers and organizers. Each project represents a different way that data can be used to fight for worker rights. In the first project, he will show how even simple tools like a chat bot can be used in an organizing campaign to scale an algorithmic audit of a delivery platform company. In a second, Dan will discuss his experience helping develop technology to measure and fight wage theft in a "data for unions" workshop with trade unions across the global south. He will then go over the lessons learned from these projects, and outline the digital future for labor rights and collective action.

416 DAC
13:00
120min
Programming in Zero Knowledge
Ying Tong

Zero-knowledge proofs are primitives for proving the integrity of arbitrary computation over confidential information. They are used in applications like private digital cash and anonymous voting. In this workshop, you will learn the theory behind zero-knowledge proving systems, and try your hand at writing a few circuits. The session will also brainstorm ideas for more private applications that can be built.

Workshop A
13:00
50min
Remember the Internet: Hacking Publishing With Instar Books
Jeanne Thornton, Miracle Jones

During the pandemic, Instar Books launched a book series called 'Remember the Internet', purporting to be a complete history of the Internet, one book at a time. The series looks at discrete cultural or technological moments in Internet history, attempting to figure out what is heartbreaking/weird-as-hell/special about them, trying to do Internet history the same way that people chronicle specific battles during wars (books so far: Tumblr Porn, Tori Amos Bootleg Webring, Google Glass). Internet history is precarious, weaponized, and unstable. How does one go about soliciting and editing books that try to get at some version of the truth? The ossified and conservative book publishing world is a system like any other that is ripe for revolution. Don't let corporate consolidation fool you: publishing has never been easier or cheaper, and ebooks have created an extremely dynamic environment with many opportunities for cunning and piratical minds.

Little Theatre
13:30
13:30
150min
Learn to Solder - Digital Music Synthesis workshop with ArduTouch music synthesizer kit
Mitch Altman

Learn to solder together a way cool, powerful music synthesizer - and learn how to make cool music, sound, and noise with a computer chip! For total beginners. Participants will learn to solder well for life, learn the basics of digital signal processing, and will bring home a working performing music synthesizer that is Arduino compatible, with a touch-keyboard and with a built-in speaker/amp.

Workshop C
14:00
14:00
50min
Hacking the SAT
Rob Cohen

As the pandemic has accelerated the already emergent trend towards test-optional college and university admissions, the SAT is poised to undergo yet another transformation. Whatever the changes happen to be, Rob is confident that this future incarnation - just like all previous incarnations - will be vulnerable to "hacking." In this talk, Rob will spotlight the features of standardized tests (specifically, the SAT/ACT in their current forms) that make them vulnerable to various backdoor techniques that circumvent the need to "understand" the content of a given question. Accompanying this exploration will be a larger questioning of the supposed merits of these tests in the first place.

Little Theatre
14:00
30min
Mindfulness - The Link Between Stress and Virtual Perception
Obi O'Brien

The connection between stress and perception will be explored in this workshop, sharing "practice formulas" on how to meet discomforts that we may encounter in an increasingly virtual environment. Participants will also engage in two short meditation practices with a focus on sound and the body. The goal is to give participants the tools to develop or enhance a meditation practice of their own, as well as sharing the science and research behind the stress phenomenon we experience.

Workshop B
14:00
50min
Revolution During Disintegration: Lessons From a Brief History of Yugoslav Computing
Vlado Vince

The socialist Yugoslav state was in many ways an aberration of the polarized Cold War period. Socialist, but not Soviet-aligned; friendly, but not exactly allied with Western Europe and the U.S.; its unusual position produced unique developments in computing. At our current tumultuous historical moment of the pandemic, worsening climate crisis, and most recently the Russian invasion of Ukraine, we may be witnessing another global polarizing moment that may have long term political, cultural, and technological consequences. By looking at unusual technological developments from the late Yugoslav period - the curious case of Iskra Delta and DEC collaboration, the history of the Galaksija (the Yugoslav DIY microcomputer), and the development of JUPAK (Yugoslav Packet Network) - Vlado will offer a few lessons as we potentially move into a world where technology is once again an integral part of geopolitical conflict.

416 DAC
14:00
50min
School Districts Should Not Be in the Business of Intelligence Collection
Harry Jackson

Why in the world would a school board need to collect intelligence on parents, students, and the public to evaluate if they are a threat, including to a school district's "brand?" Such data collection is reminiscent of intelligence-community abuses exposed in the 1970s during hearings of the Senate's Church Committee.

In the name of "safety," Fairfax County Public Schools, located in the spy capital of the world, is seeking to acquire a covert intelligence capability without oversight. Last November 11th, Fairfax County Public Schools published "Informal RFP3100000481" for "software to expand the FCPS social media research program, to allegedly detect or deter any negative actions or consequences from social media which may be directed to racial groups or any other student or teacher within FCPS." Fairfax, Virginia is not unique. Other school districts across the country are seeking to develop this capability. This talk will explain why parents, students, and the community should be aware.

206 DAC
15:00
15:00
60min
A Brief Introduction to the Fediverse
Murph

The Fediverse is a collection of communities that is a bit of a throwback to a smaller, more personal time on the Internet. There are services for short messaging, audio and video sharing, and event organizing, among other things. Mastodon is a fully open source social media platform, with no advertising, monetizing, or venture capital. It is a part of the Fediverse, a social network that is truly a network, by incorporating ideas and protocols that allow users and information to freely spread throughout a wide diaspora of servers and services. Explore how you might wish to join into the rich, new world that has more of a resemblance to the Internet as it was envisioned to be.

Workshop B
15:00
50min
Five Dollar Cyber Weapons and How to Use Them
Kody Kinzie

For five dollars, hackers can buy more power than ever before thanks to low-cost microcontrollers! The cost of sophisticated attacks has dipped below five dollars, but knowing the capabilities of each platform can be confusing. Kody will highlight free projects demonstrating advanced Wi-Fi phishing, HID bad USB attacks, and bleeding edge Wi-Fi research using the ESP8266, ESP32s2, and other low-cost microcontrollers! Finally, he'll show how anyone can get started programming their own custom hacking tools using beginner CircuitPython.

416 DAC
15:00
50min
Hacking Comprehension: Overcoming Limitations to Better Understand the World and Each Other
Jamie Joyce

We see the world differently - literally. Our brains hallucinate reality before our "eyes" and certain cognitive biases can coerce certain realities to be conjured over others. No wonder we can't agree on what color the dress or these crocs are. But it gets more complex: humans are subjected to hundreds of cognitive biases and logical reasoning errors, plus we have decades of built-up priors, limitations on time and attention, and we're not all operating from the same sets of information. So what would we have to do in order to, at the very least, "get on the same page" on high-impact political and social issues? How can we hack comprehension to enable more free, informed, and less biased decisions? The Society Library is a nonprofit organization working to map all points of view on complex social and political issues, but once they have all this information, the trick becomes: how do you get people to understand it all? This talk is about the design challenges and ethical conundrums of compressing complex knowledge and making it comprehendible across various dimensions.

206 DAC
15:00
50min
Hacking the Anthropocene: Life, Biological Complexity, Freedom!
Abi Hassen, Dr. Isaac Overcast

Living systems reuse everything. From metabolic pathways, to DNA and amino acids, to nutrient cycles - modularity, extensibility, and re-use are fundamental to the evolution and sustenance of complex life. Living systems are robust and adaptable precisely because of their ability to reconfigure without needing to "re-invent."

Many social systems are quite the opposite. They are oriented around forms of power (e.g. property, secrecy, inequality) that stifle and prevent the relations that characterize life. If we look at the world through this lens, we might call social/economic/legal/political systems that enable repairability, interoperability, and maintainability (i.e., hackability) systems of life - and those that prohibit hackability systems of death.

This session will explore a hacker ethos that envisions freedom as something more complex and entangled than individual autonomy - i.e., beyond the right to reuse code or repair devices as a matter of individual rights and toward a vision of a hackable world. It will start with a brief exploration of the dynamics of systems of life, and then discuss some examples of hacking as a living process and some conceptual tools for applying this view while focusing on some of the major impediments.

Little Theatre
15:00
180min
Irradiant Waves Program (6 of 6)
David Goren

“Irradiant Waves: Tracing Neighborhoods in the Sky” is a transmission art installation designed to evoke New York City's vibrant and transgressive unlicensed FM radio soundscape in a contained space. Often called pirates for using radio spectrum without a government approved license, these underground stations are a grassroots phenomenon going back over 25 years.

Other
15:30
15:30
120min
Remote Hardware Development, Hacking, Reverse-Engineering, and Education for the Next Pandemic
Tarek Omar

In this workshop you will learn about the available tools and methods that will help you access, hack, reverse-engineer, or teach embedded systems using physical hardware in a remote location. Tarek will share with you what he successfully used before and during the pandemic to help the Cairo Hackerspace community have seamless remote access to unaffordable (to them) educational embedded systems devices. He will show you how remote hardware tools helped him teach Arduino, robotics, and software defined radio more efficiently to his online students. And lastly, Tarek will present some professional use cases from his personal experience and how it helped him supply a museum and an escape room in New York City with quick remote technical support for most of their hardware related problems that previously required an engineer to be present in person. He will be using a Linux laptop and Raspberry Pi running Ubuntu.

Workshop A
16:00
16:00
110min
Seize the Means of Computation: How Interoperability Can Take the Internet Back From Big Tech
Cory Doctorow

This is a talk for people who want to destroy Big Tech. It's not a talk for people who want to tame Big Tech. There's no fixing Big Tech. It's not a talk for people who want to get rid of technology itself. Technology isn't the problem. Stop thinking about what technology does and start thinking about who technology does it to and who it does it for. This is a talk about the thing Big Tech fears the most: technology operated by and for the people who use it.

416 DAC
16:00
50min
We’ll Pwn You With Your Wattpad Profile
Roman Hauksson-Neill

Most people don’t know how to choose secure passwords. From those that aren’t even long enough to withstand brute-force attacks to those that include one’s public personal information, many passwords found in the wild are vulnerable to being cracked. In Roman’s talk, he’ll go beyond traditional password security education by discussing how exactly hackers would discover your password and what you can do to stop them. He’ll also showcase his team’s research into automating targeted password guessing attacks: they refined a GPT-3 model on user data from the Wattpad security breach to predict users’ passwords based on information like their username and profile bio. The results? Their model’s guesses are more than three times as accurate as non-targeted ones - no manual OSINT skills required!

Little Theatre
16:00
50min
Writing for the Ear
xio

The purpose of this proposed talk is to explain the audiobook process, be it for LibriVox, Reading for the Blind, or Audible. Topics to discuss will include post-production delivery formats, production workflows (covering hardware and software), and setting up pre-production (book production and personnel coordination). Emphasis will be placed on free/libre toolchains, existing talking book and audiobook standards, and preventing problems that can snarl the workflow.

206 DAC
16:30
16:30
120min
Think Like a Hacker: Lateral Thinking and Social Engineering for Complete Newbies, 2 of 2
Gus Andrews

HOPE often attracts attendees who may be new to the hacking space - people who learned of the conference through the Off The Hook radio show, youth who are keen to get into this space, artists, journalists, activists, and others who see their work increasingly overlapping with hacking. There's a lot newcomers may have missed about hacking techniques over the years! This workshop is for those newcomers, to bring them up to speed about some very fundamental habits of thought in the hacking community. In this session, Gus will get attendees engaged in hands-on exercises developed in the engineering and hacking communities for finding vulnerabilities. To demonstrate counterintuitive strategies beyond code, this will be followed up with examples of past hacking, including social engineering and voting machine testing. Wrap-up discussion explores how these activities change what we think, feel, and see, and what we can do with the systems around us.

Workshop B
17:00
17:00
50min
Can You Travel Without Physically Moving? From "Online Lodging" to "Virtual Travel Package"
Yoshinari Nishiki

COVID-19 effectively stripped away our dreams of intercontinental travel, but gave us an opportunity which otherwise would never have materialized: to rethink how we should travel in the future. Taking inspiration from "Online Lodging" initially begun by deserted Japanese inns, Yoshinari flipped the COVID travel protocol to make sense out of traveling virtually; he hacked the COVID-19 Antigen Rapid Self-Test Kit and turned it into a "Virtual Travel Package". In his presentation, Yoshinari will give an in-depth guide on the essence of travel and how he turned it on its side to create the alternative travel experience.

206 DAC
17:00
60min
Feeling Systems: Using Meditation to Prepare Us for the Metaverse
Obi O'Brien

Advances occurring in spatial computing and new buzzwords like "metaverse" represent both tremendous opportunities and unprecedented challenges upon our "feeling" systems. As stakeholders in an ecosystem evolve to include people, machines, objects, and their environments, we can use mindfulness practices to manage stressors this virtual world may evoke. Using mindfulness, we also can begin to anticipate and address developing questions of this new world order: 1. How do we create meaningful interactions/relationships in a digital world? 2. How do we identify and address trauma as analog and digital interactions become increasingly "seamless?" 3. How do we define "optimized processes" and apply analytics that give positive value to processes that may otherwise be defined as "inefficient," e.g., pausing, looking, connecting? This workshop will invite participants to practice mindfulness techniques, which will include guided practice (in a seated or lying position); gentle movement (with modifications for seated practice), and vocal exercises as part of trauma-informed mindfulness practices.

Workshop C
17:00
50min
You'll Pay For That: Payment Systems, Surveillance, and Dissent
Alex Marthews

There has been a quiet revolution in payment systems and government power. Government efforts to track credit and banking transactions have exploded. Government efforts to discourage cash and to regulate cryptocurrencies have increased. Using examples from Canada, Ukraine, China, and Nigeria, this talk will examine these mechanisms of financial surveillance, discuss the latest innovations in government efforts to track even privacy-oriented cryptocurrencies, and highlight the debates within our community as to how to approach financial surveillance issues. What is our responsibility, as hackers, technologists, and civil liberties people to maintain the privacy from surveillance of people engaged in disfavored forms and topics of organizing and protest? Can we ensure that systems that permit freedom are able to transact privately? Without that freedom, it will be much harder to organize dissent to, well, anything.

Little Theatre
18:00
18:00
50min
A New HOPE Closing Ceremonies

How did it all go? What were your fondest memories? As HOPE once again draws to a close, you can be assured that one way or another we made history over this weekend. We hope to see you again at our next event.

416 DAC