2.0 -//Pentabarf//Schedule//EN PUBLISH LPHBYF@@program.why2025.org -LPHBYF Movie: Close encounters of the Third Kind en en 20250807T230000 20250808T010000 2.00000 Movie: Close encounters of the Third Kind https://www.imdb.com/title/tt0075860/?ref_=nv_sr_srsg_0_tt_8_nm_0_in_0_q_Close%2520encounters Location: next to Party Area Terrace PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/LPHBYF/ Party Area PUBLISH BAU8GH@@program.why2025.org -BAU8GH Opening en en 20250808T170000 20250808T175000 0.05000 Opening A warm welcome by Nancy and Boekenwuurm, to wish you the best WHY2025 and give a quick intro! PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/BAU8GH/ Andromeda Boekenwuurm Nancy Beers PUBLISH RT9ZHN@@program.why2025.org -RT9ZHN The Only Podcast about a Hacker Camp in the UNIVERSE! WHY? en en 20250808T180000 20250808T185000 0.05000 The Only Podcast about a Hacker Camp in the UNIVERSE! WHY? We would love to share the story about the only podcast about a hackercamp in the UNIVERSE! We've made a s**tload of mistakes, learned a lot and would love to share: 1. The origin story. 3 people and a google doc. 2. What we did to make it happen in the technical sense, but also putting a spotlight on all the AMAZING volunteers pulling this camp off 3. AI use to make the podcast more accessible 4. Lessons learned; what did we learn in creating 42 podcasts in 42 weeks? PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/RT9ZHN/ Andromeda Nancy Beers Ad PUBLISH WQEGCU@@program.why2025.org -WQEGCU Flipping Bits: Your Credentials Are Certainly Mine en en 20250808T190000 20250808T195000 0.05000 Flipping Bits: Your Credentials Are Certainly Mine Well you will in fact receive a stiff bill, generate huge log files and eventually run out of disk space. But on the upside, you will also have collected a treasure trove of legit credentials & interesting stuff like valid OAuth refresh tokens, JWT tokens, bearers, cookies, emails, meeting invites with passwords & truckloads of internet scanner noise. In this session we will revisit bitflip research from the last decade and weponize it. Showcase 'Certainly' a pioneering offensive / defensive tool that employs Wildcard DNS matching & on-the-fly generated SSL certificates and custom payloads for incoming requests across various protocols. All with the intention to downgrade security, harvest credentials, capture emails and replacing dependencies with custom "malicious" payloads PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/WQEGCU/ Andromeda STÖK joohoi PUBLISH MEGUP3@@program.why2025.org -MEGUP3 Evolution and history of 35 years of hardcore/gabber music [XXL edition] en en 20250808T200000 20250808T230000 3.00000 Evolution and history of 35 years of hardcore/gabber music [XXL edition] This talk has it all: licensing, content, audience and noise problems in just one comfortable session. During the talk we'll listen to the evolution of this genre using samples, short mixes and video clips. We'll touch upon the politics of resistance and adoption, politicization of nice people and the death and renaissance of the genre. There is a lot to talk about and to listen to. The "one hour" version of the talk was a hit at Hacker Hotel 2025, and immediately had a two hour sequel in the off-the-record room. While going down this rabbit hole, and to expand on the "one hour" version, we'll take some more time to dive into audio engineering and how to win the loudness war. It will ruin some things some for some people, while opening doors for others. The central question throughout the session will be: "what is hardcore?". This talk mostly focusing on fun and interesting stuff, but due to the inherent nature of hardcore music there might (=guarantee) be references to sex, drugs, violence, profanity, recklessness and spooky scary skeletons in the first ten seconds. This talk is not for all ages and minds. The plan is to have about one to two hours diving into this rabbit hole. After that we'll try to teach you the dance called "hakkuh" and end off with a super varied one hour live set (if time and noise curfew allows) touching multiple genres with different types of hardcore at its center. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/MEGUP3/ Andromeda Elger "Stitch" Jonker PUBLISH 7DMBVR@@program.why2025.org -7DMBVR Stealth Web Scraping Techniques for OSINT en en 20250808T180000 20250808T185000 0.05000 Stealth Web Scraping Techniques for OSINT In Red Team operations and external attack surface assessments, open-source intelligence (OSINT) is a critical step for identifying internet-exposed assets and assessing the associated risks. One of the most common techniques in this phase is web scraping, which automates the collection of publicly available data—often without relying on official APIs that are frequently rate-limited, monitored, or entirely unavailable. In previous conferences, such as Fabien Vauchelles’s talk "Cracking the Code: Decoding Anti-Bot Systems", the focus was on detecting scraping activities at the network layer using TCP/IP fingerprinting and IP intelligence. This presentation builds on that work by shifting the focus to client-side techniques—specifically, browser-based approaches that mimic legitimate user behavior to evade detection. The objective of this session is to explore modern strategies for conducting stealthy web scraping by avoiding API usage and minimizing anomalies detectable at both the network and application layers. Based on real-world use cases, the talk aims to provide actionable insights for security professionals involved in scraping—whether performing it or defending against it.The talk will present concrete methods for data collection, including: - Making direct HTTP/HTTPS requests to web servers—such as websites or HTTP-based services—using libraries that handle protocol-level communication. This method allows efficient data retrieval by bypassing the need to render the page or load additional resources like images, videos, stylesheets, or scripts. It’s fast and lightweight, especially suited for static or partially dynamic content. - Leveraging headless browsers to simulate real browser behavior without a graphical interface. These tools embed full HTML, CSS, and JavaScript engines, enabling interaction with modern, dynamic web applications. This technique is essential when scraping content that relies on client-side rendering or asynchronous JavaScript operations. - Using browser-side scripting tools, such as TamperMonkey, within standard browsers. These tools allow custom JavaScript code to be injected and executed directly on the page, offering a practical and discreet way to automate data collection from within the browsing environment itself. This technique has been successfully applied in large-scale scraping operations, including on major social networks where traditional approaches are often ineffective due to advanced client-side defenses. Beyond the scraping techniques themselves, the presentation will also cover the current detection methods employed by websites to identify automated behavior and how these can be bypassed, including: - Detection of automation environments via specific JavaScript variables (e.g., navigator.webdriver) or discrepancies in the DOM. - Behavioral detection mechanisms such as mouse movements, keyboard activity, or interaction timing. - Identification of scraping-specific browser extensions or content injection tools. - Detection of headless execution environments using debugging interfaces or timing-based heuristics. This talk will provide a technically grounded exploration of the current capabilities and limitations of stealth web scraping from both offensive and defensive perspectives. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/7DMBVR/ Brachium Soukaina Cherrabi François GRANIER PUBLISH WJQNXZ@@program.why2025.org -WJQNXZ I donated a kidney (and maybe you can too) en en 20250808T190000 20250808T195000 0.05000 I donated a kidney (and maybe you can too) Donating a kidney is quite a thing. But it also isn't. But mostly, it is. I will talk about all the aspects (personal, technical, logistical, ethical, financial) of the process. Lots of related but entirely different things. How does it affect me? How long did it take? What does everything look like? What do the numbers mean? What does it feel like? Can you do the same? Should you do the same? Who shouldn't do it? WHY? PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/WJQNXZ/ Brachium Peetz0r PUBLISH TJJR3W@@program.why2025.org -TJJR3W Capture flags and secret tokens at WHY2025 en en 20250808T200000 20250808T202500 0.02500 Capture flags and secret tokens at WHY2025 PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/TJJR3W/ Brachium Thijs Bosschert PUBLISH GVCTEP@@program.why2025.org -GVCTEP 9001 ways to break out of a container en en 20250808T210000 20250808T215000 0.05000 9001 ways to break out of a container PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/GVCTEP/ Brachium Josie PUBLISH CDGWTU@@program.why2025.org -CDGWTU Quantum computers: the ultimate hacking machines en en 20250808T220000 20250808T225000 0.05000 Quantum computers: the ultimate hacking machines This is a first introduction to quantum computers: no prior background needed. We will discuss how quantum mechanics, a theory of microscopic particles, contains counter-intuitive effects like superposition and entanglement. Schrödinger’s cat is an iconic example, where the poor animal is both dead and alive at the same. Interestingly, the same laws of nature make it possible to build an extended set of algorithms, with speedups beyond what we can achieve ‘classically’. I’ll show how we can program today’s quantum computers and show a short live demonstration of the Python package Qiskit. We will learn how to write code that creates something equivalent to Schrödinger’s cat. Then, we will look at one of the most impactful applications. Quantum computers turn out to be incredible hacking machines, making it straightforward to crack widely-used encryption schemes such as RSA and Elliptic Curve Cryptography. We will discuss how long it will take until we have sufficiently large devices, and what alternative cryptography we can fall back to. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/CDGWTU/ Brachium Koen Groenland PUBLISH VJVMV9@@program.why2025.org -VJVMV9 My journey into cloud security en en 20250808T180000 20250808T185000 0.05000 My journey into cloud security The talk is about four years of hands-on experience as a CISO in a fast growing fintech company. During this time, I've had the unique opportunity to build an effective and operational security structure from the ground up within a completely cloud-based setup. My experience provides a practical roadmap for understanding the critical nuances of approaching security in a full-cloud, product-driven organization. We'll delve into topics like: * The initial complexities: What happens when you're securing infrastructure that's always changing? * Navigating DevSecOps: How do you embed security seamlessly into a fast-paced development culture? * Real-world pitfalls: Concrete examples of challenges faced and how we overcame them. * Building an effective security posture: Practical insights into creating an operational security framework that actually works in the cloud. The goal is to share actionable takeaways and lessons learned, helping others anticipate and navigate similar challenges in their own cloud security journeys. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/VJVMV9/ Cassiopeia Merlos PUBLISH 9WTQU3@@program.why2025.org -9WTQU3 EntrySign: create your own x86 microcode for fun and profit en en 20250808T190000 20250808T195000 0.05000 EntrySign: create your own x86 microcode for fun and profit PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/9WTQU3/ Cassiopeia Nspace spq PUBLISH 8KERQY@@program.why2025.org -8KERQY Hacker Jeopardy - Round 1 en en 20250808T200000 20250808T220000 2.00000 Hacker Jeopardy - Round 1 PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/8KERQY/ Cassiopeia Eloy PUBLISH LJ9879@@program.why2025.org -LJ9879 About Time en en 20250808T180000 20250808T185000 0.05000 About Time In my previous talks about Audio over IP and AV technologies the Precision Time Protocol has come up repeatedly as something that deserves its own talk. PTP has a wider use case which makes it interesting as a target for shenanigans. The talk aims to consolidate several years of experience and research into a concise understanding of this fundamental technology. No prior knowledge about PTP or network time will be assumed. Some familiarity with networking basics will be helpful, but not essential. Warning may contain hacker humor. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/LJ9879/ Delphinus pcwizz PUBLISH 3AKXN7@@program.why2025.org -3AKXN7 A journey into reverse engineering arcade PCBs for video game preservation via FPGA emulation en en 20250808T190000 20250808T195000 0.05000 A journey into reverse engineering arcade PCBs for video game preservation via FPGA emulation **Abstract:** In an era where classic arcade games risk becoming obsolete, preserving them is crucial. This presentation chronicles a journey from curiosity to creation, demonstrating how FPGAs can be used to create accurate emulator. **Introduction to FPGAs:** FPGAs are versatile integrated circuits that offer unparalleled flexibility for hardware design. Unlike fixed CPUs or GPUs, FPGAs allow for reconfiguration, making them ideal for creating custom solutions like game emulators. This section will explore the advantages of FPGA-based emulation over traditional software emulators, and the existing plateform like the MiSTeR FPGA. **Verilog Programming:** Verilog is a hardware description language used for defining digital circuits in FPGAs. This part introduces Verilog's role in designing these circuits, and how it differ to traditional programming languages. **Reverse Engineering PCBs:** This segment breaks down the process of reverse engineering an arcade PCB. From identifying components and they're connections, to reverse custom IC and schematics creation. **Creating an arcade games core** A case study on the creation of an arcade game FPGA core. Challenges faced during development, and specifities of arcade games emulation. **Conclusion :** The presentation concludes by encouraging attendees to embark on their own journey, offering practical advice and resources tofacilitate their exploration into FPGA-based gaming preservation. The goal is to inspire and equip newcomers with the knowledge and tools to preserve classic arcade games through FPGA emulation. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/3AKXN7/ Delphinus Solal Jacob PUBLISH AATCT7@@program.why2025.org -AATCT7 ❤️ Failure - Unbreakable security by breaking things en en 20250808T200000 20250808T205000 0.05000 ❤️ Failure - Unbreakable security by breaking things PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/AATCT7/ Delphinus Jelle Niemantsverdriet PUBLISH EFJTHQ@@program.why2025.org -EFJTHQ Lightning Talks en en 20250808T210000 20250808T215000 0.05000 Lightning Talks Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.why2025.org/Lightning_Talks PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/EFJTHQ/ Delphinus PUBLISH AVK8PL@@program.why2025.org -AVK8PL Energizer for brains and bones en en 20250808T180000 20250808T190000 1.00000 Energizer for brains and bones Hi, I am Dana and work as a teamtrainer / outdoor guide. I work with kids, teens, adults - and I am ever so often amazed how easy and fast we are connecting with each other while moving and laughing and trying to do more or less ridiculous tasks. We would meet somewhere on a field and do a lot of playing and trying stuff. I am very looking forward to having fun and inspiring (a bit of) our muscles and minds together :o) Most of the games and exercises are suitable for persons in wheelchairs or otherwise bodily constricted; we will take whatever challenge it takes to find adaptions for the tasks at hand, so everyone can join in. HOW MANY: min 8, max 30 persons. HOW OLD: min. 6 years old, only when accompanied by an adult. HOW LONG: 30-90 min (however the requests...) HOW OFTEN: I don´t know: maybe every day except the last? WHEN: a good time would be around 10:00 in the mornings or later in the evening, (maybe 17:00), depending how hot the weather would be and if we would find a place in shadows PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/AVK8PL/ Workshop Euclid Dana PUBLISH KHGEYX@@program.why2025.org -KHGEYX Developing harmonized CRA standards en en 20250808T190000 20250808T210000 2.00000 Developing harmonized CRA standards The workshop aims to provide updates on the ongoing work at [ETSI](https://www.etsi.org/) and [CEN-CENELEC](https://www.cencenelec.eu/) regarding [harmonized European standards for the Cyber Resilience Act (CRA)](https://ec.europa.eu/growth/tools-databases/enorm/mandate/606_en), share information on how to participate or just follow the development, and gather questions. PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/KHGEYX/ Workshop Euclid fukami PUBLISH 8TBPA7@@program.why2025.org -8TBPA7 TIC-80 workshop & introduction demoscene en en 20250808T210000 20250808T223000 1.03000 TIC-80 workshop & introduction demoscene In this workshop, you will receive an introduction to the demoscene, a digital art community that emerged in the 1980s and 1990s with the advent of affordable home computers like the Commodore 64 and Amiga. The demoscene, still thriving today, brings enthusiasts together at "demoparties" to create "retro" demos on these vintage systems. Meanwhile, modern hardware enables the use of fantasy consoles like the TIC-80, which offer a retro aesthetic with modern programming languages such as Lua, Python, and JavaScript. During the hands-on session, attendees will focus on programming the TIC-80 with Lua, gaining practical experience in creating basic demos. By the end of the workshop, participants should be able to craft their first simple TIC-80 demo or be ready to join creative events like the "byte jam." To make the most of this session, please bring a laptop with TIC-80 pre-installed. Workshop Agenda - Introduction to the demoscene and competitions, such as "byte jams" - Hands-on session with TIC-80, programming in Lua - Guidance on creating simple demos for TIC-80 PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/8TBPA7/ Workshop Euclid Dave Borghuis PUBLISH 7UJWMU@@program.why2025.org -7UJWMU How to accept digital payments with GNU Taler en en 20250808T180000 20250808T193000 1.03000 How to accept digital payments with GNU Taler PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/7UJWMU/ Workshop Giotto sebasjm PUBLISH BPD8GN@@program.why2025.org -BPD8GN Shibari 101 - Rope Bondage for Beginners en en 20250808T200000 20250808T220000 2.00000 Shibari 101 - Rope Bondage for Beginners Instructor @DoodleMe, @KnottyLola, and team will take you through some of the most basic concepts of Japanese rope bondage (Shibari). You'll learn some theory, and a few beginner friendly knots that you can use at home and that lay the foundations to more advanced ties. This peer based workshop is aimed at complete beginners. Singles, pairs and groups are welcome. Spots are limited based on the size of the workshop space. First come first serve. No dress code, but it's suggested you avoid loose clothing as this makes it harder to tie. Please bring your own (non-stretchy) rope if you have it. A bring a blanket or something else comfy to sit on the floor without shoes is useful too. Workshop will be taught in English. The workshop is entirely "lab mode" and there is no sexual content, but it remains for over 18's only. PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/BPD8GN/ Workshop Giotto DoodleMe KnottyLola PUBLISH 3C8UAX@@program.why2025.org -3C8UAX Sad But Tribute — The Ultimate Metallica Experience en en 20250808T205000 20250808T230000 2.01000 Sad But Tribute — The Ultimate Metallica Experience **Line-up:** * René – Vocals & Rhythm Guitar * Koen – Lead Guitar * Jesper – Bass & Backing Vocals * Job – Drums From the furious thrash of *Kill ’Em All* to the stadium anthems of *The Black Album*, Sad But Tribute captures the essence of Metallica in every note. Whether you are a die-hard Metallica fan or simply love hard-hitting riffs and driving rhythms, their set will leave no head unbanged. PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/3C8UAX/ Party Stage PUBLISH LPDECC@@program.why2025.org -LPDECC Silent Disco with DJ Luna en en 20250808T230000 20250809T040000 5.00000 Silent Disco with DJ Luna PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/LPDECC/ Party Stage PUBLISH BS99M8@@program.why2025.org -BS99M8 Movie: The imitation Game en en 20250808T233000 20250809T020000 2.03000 Movie: The imitation Game https://www.imdb.com/title/tt2084970/?ref_=nv_sr_srsg_0_tt_8_nm_0_in_0_q_The%2520Imitation%2520game Location: next to Party Area Terrace PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/BS99M8/ Party Area PUBLISH FYX8FV@@program.why2025.org -FYX8FV Imposing Climate Law onto Governments en en 20250809T100000 20250809T105000 0.05000 Imposing Climate Law onto Governments At [MCH2022](https://mch2022.org/#/) I ran into skilled, intelligent young people who were numb about climate change. This is trending, and it broke my reliance on governments to fix this huge problem. It is, after all, a [tragedy of the commons](https://en.wikipedia.org/wiki/Tragedy_of_the_commons) so by default everyone waits for others to make the first move. I adopted a grassroots approach and started taking government to court, alone or as part of [Scientist Rebellion](https://www.scientistrebellion.nl/). Because it really is politics that is failing us. Court cases help executive government to do their jobs, by forcing them to stick to climate laws in spite of politicians without vision, heart or spine. Climate law is mostly international law, which means that it trumps national law, even including anything that a national Supreme Court says. But courts are not the problem, they are well-versed in the travesty of what governments are _not_ doing. They need to be asked to rule on a case though, before they can take a decision. And it takes some work before you get to that point. I am not saying that government is evil. I am saying it is stifled in its ways, it cannot progress because it is obstructed by the past, present, procedures and politics. The everyday working space for civil servants is one of national or even local law. They have insufficient focus on international (climate) law or rely on other parties to remedy it. Also, they cannot always move freely, caught up between their oath of faith and a lack of mandate to interpret laws. With low court fees and no lawyer requirement, administrative law is the cheapest way to go about correcting government, but it takes a fair amount of skill to navigate. I'm still learning, but I can share from experience the most important pitfalls to prepare for. Most of this has parallels in countries outside the Netherlands. What remains is logic, language and ethics. Oh, and some perseverance and creativity. All these skills are native to hackers, and often abundantly so. It can take some designer skill to construct a case that has a chance of making it. And looking at things from different perspectives, while still sticking to concrete goals. During this talk, I will give a few examples. If you want to read up on things, have a look at my [Draaiboek Klimaatzaak](http://klimaatzaak.groengemak.nl/) (in Dutch) or similar resources by others. Finally, it can feel abrasive to step out and impose demands on local government, a national ministry or a central bank. At least, I usually think shyly of what I am doing. But abresiveness is not among my submission filters; I care for being reasonable and having a right to what I'm demanding. And as long as I remain respectful towards the humans on the other side of a case, it is quite simply a democratic right to take corrective or coercive action if the government fails so utterly as it is doing w.r.t. climate change. **IANAL** but what I am is _seriously pissed_ with irresponsible governments around the globe. It is their job to protect our future survival, the evidence and urgency is overwhelmingly clear, but still they leave the free market to corporations with short-term profit as their essential goal. Corporations will bend when curtailed, provided it is done equally to all, and there is only one party with the power of doing that. But government is treating a life-threatening condition as yet another management problem to fit into a 9-to-5 job. So much is done wrong that I find it unethical to sit and wait for a rare breed of climate lawyers to stand up to government mismanagement. Not if all it takes is a few hundred Euros, strict logical reasoning, a few letters full of detailed knowledge in a design with components from a couple of data sheets (a.k.a. climate laws) and perhaps the mentality of living in a makable world (a.k.a. democracy). PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/FYX8FV/ Andromeda Rick van Rein PUBLISH RT9XQ9@@program.why2025.org -RT9XQ9 The EU Just Made Product Security Mandatory — Now What? en en 20250809T110000 20250809T115000 0.05000 The EU Just Made Product Security Mandatory — Now What? On August 1st, 2025, three new cybersecurity requirements under the EU’s Radio Equipment Directive (RED) officially kicked in. This is the first time the EU has imposed hard security requirements on a wide range of everyday consumer products — think routers, smart watches, toys with a Wi-Fi chip, and more. This part of RED is often called RED/DA (Delegated Act), and it's a big deal: security is no longer optional. In this talk, we'll unpack what RED/DA is actually about — how it came to be, why it was pushed through before the upcoming Cyber Resilience Act (CRA), and how that sequencing leads to some strange and messy overlaps between the two. Spoiler: it’s a political and regulatory patchwork. We’ll look at how standardization efforts around RED/DA have developed, but also at how many manufacturers are still figuring out how best to comply, while market surveillance authorities are navigating their own challenges — often working with limited tools, guidance, or resources. On top of all this, the reality is, RED/DA is just a warm-up for the main event: the Cyber Resilience Act. We’ll take a look at what CRA brings to the table, what the current state of standardization looks like there, and what kinds of challenges are already popping up on the horizon. If you’re building, selling, or securing connected products in the EU — or just curious about how regulation is reshaping product security — this talk will give you a clear picture of what’s going on and what’s coming next. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/RT9XQ9/ Andromeda Piet De Vaere PUBLISH MWLGZB@@program.why2025.org -MWLGZB Decoding RFID: A comprehensive overview of security, attacks, and the latest innovations en en 20250809T120000 20250809T125000 0.05000 Decoding RFID: A comprehensive overview of security, attacks, and the latest innovations The talk will cover: 1) An overview of RFID types, including both low-frequency (LF) and high-frequency (HF) cards, briefly touching upon ultra-high-frequency (UHF) systems as well. 2) A breakdown of encryption protocols used in RFID security, highlighting their strengths and weaknesses. 3) A review of documented attacks, including cloning, sniffing, relay, cryptographic, and side-channel techniques. Additionally, analysis of the latest developments in magic RFID cards will be presented. Findings are based on an aggregation of academic research, industry reports, and hands-on testing of RFID systems in real-world environments. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/MWLGZB/ Andromeda Kirils Solovjovs Iceman PUBLISH LHC7QV@@program.why2025.org -LHC7QV From WAN to NAS: A Pwn2Own Journey Through the SOHO Attack Surface en en 20250809T140000 20250809T145000 0.05000 From WAN to NAS: A Pwn2Own Journey Through the SOHO Attack Surface The Dutch NCSC issued a warning last year that they see an increase of threat actors that shift their attention from endpoints to edge devices, including routers. This demonstrates the relevance of the SOHO Smashup category in Pwn2Own. Vulnerabilities in routers that could be exploited from the WAN side pose a real security risk for companies; as these devices are often badly monitored and not kept up to date. Threat actors who are able to compromise a router are in a key position to further advance into the internal network of a company. In this talk we'll describe the vulnerabilities and exploits. Specifically, we'll describe our research method on the QNAP router. We tried to increase our attack surface step by step, until we found a reliable exploitation path. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/LHC7QV/ Andromeda Daan Keuper Thijs Alkemade PUBLISH GGDRKY@@program.why2025.org -GGDRKY DNA & Molecular Biology: A 2025 digital view en en 20250809T150000 20250809T152500 0.02500 DNA & Molecular Biology: A 2025 digital view DNA is the code of life. Surprisingly, it is easier to understand DNA as "biologically flavored digital data" than the other way around, "a really long molecule with digital aspects". Human DNA is 750 megabytes, organized in chromosomes and within that stored in genes and intergenic matter. There are things like calling conventions, "start of gene markers". There are #ifdefs in there. There is bloated code. There are hacks. In this talk, I give a tour of our modern understanding of DNA, which should be exciting for nearly everyone into computers. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/GGDRKY/ Andromeda bert hubert PUBLISH MBPQL9@@program.why2025.org -MBPQL9 Horus Scenario 2.0 en en 20250809T153500 20250809T160000 0.02500 Horus Scenario 2.0 During the session we will look back on what was said in 2017 and what we know now to be true and have seen in practice. We will also reflect on where we currently are and where we stood back then and if we made any real progress in that regard. Topics discussed will be: - Was the theoretical analysis correct? and are there any additional nuances there? more recent examples in practice? - We hacked SMA back then because we thought they were most secure. Have any other grid-ending vulnerabilities in PV-installations popped up since then? - Are we better off today, then we were back then? - Prophesising the future: where are we headed with this attack? PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/MBPQL9/ Andromeda Willem Westerhof PUBLISH UCJXUK@@program.why2025.org -UCJXUK Eye on the sky: building investigative journalism tools for analyzing airplanes en en 20250809T161000 20250809T163500 0.02500 Eye on the sky: building investigative journalism tools for analyzing airplanes PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/UCJXUK/ Andromeda Logan Williams PUBLISH SSZSXB@@program.why2025.org -SSZSXB Aid to Ukraine: what to do when your friends end up in a war? en en 20250809T170000 20250809T175000 0.05000 Aid to Ukraine: what to do when your friends end up in a war? The IT community in Kharkiv is doing their best to help their city and country to counter the effects of the invasion and war. Together with the Dutch hacker community we try to help them, with practical support, such as medical goods, computers and network equipment and vehicles. The project is a true community effort, creating new contacts and relations between our communities. This connection makes it harder to watch the news, but it also offers a practical way to support Ukraine, knowing that all the energy we put in here is useful and welcomed. As the war keeps raging we started a foundation to channel all the humanitarian support: Aid to Ukraine. It even has ANBI status. Our website has all the info: https://aidtoukraine.nl PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/SSZSXB/ Andromeda Niels Hatzmann PUBLISH B9EYZF@@program.why2025.org -B9EYZF Phrack 40th Anniversary Release en en 20250809T190000 20250809T195000 0.05000 Phrack 40th Anniversary Release PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/B9EYZF/ Andromeda Phrack Staff PUBLISH 3R8JLD@@program.why2025.org -3R8JLD Reporting vulnerabilities in Belgium en en 20250809T200000 20250809T205000 0.05000 Reporting vulnerabilities in Belgium Belgium has laws regulating the reporting and public disclosure of vulnerabilities. While the goal is to protect both organisations and reporters of vulnerabilities, the assumptions behind it conflict with the practice of coordinated vulnerability disclosure. I will discuss the parts of my experience I’m allowed to tell. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/3R8JLD/ Andromeda floort PUBLISH U7HBTJ@@program.why2025.org -U7HBTJ How to rig elections en en 20250809T210000 20250809T215000 0.05000 How to rig elections [1] A. Podlazov and V. Makarov, Dual approach to proving electoral fraud via statistics and forensics, https://arxiv.org/abs/2412.04535 PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/U7HBTJ/ Andromeda Vadim Makarov PUBLISH G8AJKY@@program.why2025.org -G8AJKY 23 Years of Security Advisories: Past, Present, and Future at the Dutch NCSC en en 20250809T220000 20250809T222500 0.02500 23 Years of Security Advisories: Past, Present, and Future at the Dutch NCSC This presentation will explore the history and development of the NCSC-NL security advisory service, reflecting on key milestones and lessons learned along the way. We will then look forward, discussing how the service is adapting to current challenges and future demands, most notably automation. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/G8AJKY/ Andromeda Jacco Ligthart PUBLISH B8DANE@@program.why2025.org -B8DANE Safeguarding Research & Culture: Save public data from the digital bookburnings! en en 20250809T223500 20250809T230000 0.02500 Safeguarding Research & Culture: Save public data from the digital bookburnings! No single archive is permanent, nor large enough to store all of our cultures at risk. Modern archival methods are robust, but no archive or institute alone can withstand the threats we are currently facing. The destruction of knowledge and cultural heritage has happened, and is happening again. Whether it is caused by human action<sup><a id="fnref1"></a>[\[1\]](#fn1)</sup> or natural causes.<sup><a id="fnref2"></a>[\[2\]](#fn2)</sup>. Without our archives we lose knowledge and culture which has a negative impact on our ability to learn, study and innovate. However, digital information can be copied easily and quickly. Safeguarding Research & Culture (SRC) is creating an alternative infrastructure for archiving and disseminating of cultural heritage and scientific knowledge. We seek to preserve cultural memory in a way that traditional archives cannot. Together, we can ensure that our cultural, intellectual and scientific heritage exists in multiple copies, in multiple places, and that no single entity or group of entities can make it all disappear. In this session, we will present why we are doing this, what our approach is and why we need your help. After attending this session, participants will: * Gained an insight into the importance of data to support culture preservation & research purposes * Understand how this project relates to and supplements more “traditional” archiving & preservation infrastructure * Feel empowered to contribute to the project in various ways, including seeding existing datasets, identifying at-risk datasets, downloading & adding at-risk datasets to the swarm and supporting this project in other ways References 1. See for example [NYT: *Health Resources Vanish Following D.E.I. and Gender Orders*](https://www.nytimes.com/2025/01/31/health/trump-cdc-dei-gender.html), [Atlantic: *Why Is the Trump Administration Deleting a Paper on Suicide Risk?*](https://www.theatlantic.com/ideas/archive/2025/02/heath-science-data-trump/681631/), [Boston Globe: *CDC removal of databases on sexual orientation, gender identity sparks alarm*](https://www.bostonglobe.com/2025/01/31/metro/cdc-removes-databases-sexual-orientation-gender-identity/), and [404media: *GitHub Is Showing the Trump Administration Scrubbing Government Web Pages in Real Time*](https://www.404media.co/github-is-showing-the-trump-administration-scrubbing-government-web-pages-in-real-time/). [↩︎](#fnref1) 2. See for example [Smithsonian: *Why Brazil’s National Museum Fire Was a Devastating Blow to South America’s Cultural Heritage*](https://www.smithsonianmag.com/smart-news/artifacts-destroyed-brazil-devastating-national-museum-fire-180970194/) and [UN: *Destruction of cultural heritage is an attack on people and their fundamental rights*](https://news.un.org/en/story/2016/10/543912). [↩︎](#fnref2) PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/B8DANE/ Andromeda Henrik Schönemann PUBLISH 8GWVTN@@program.why2025.org -8GWVTN Detect threats like never before en en 20250809T100000 20250809T105000 0.05000 Detect threats like never before This talk provides a comprehensive overview of the modern mature detection engineering process, exploring the essential steps organizations must follow and how successful implementation is defined and measured in today's threat landscape. What You'll Learn: We'll examine the complete detection engineering lifecycle, covering the key phases that transform security teams from reactive alert-chasers into proactive threat hunters. You'll understand how to build, implement, and continuously improve detection capabilities that actually work at enterprise scale. Key topics: - Detection Engineering Process Deep Dive: Walk through the step-by-step process that mature organizations follow, from threat modeling to deployment to continuous improvement and practical use of AI - Maturity Framework Analysis: Compare popular detection engineering maturity frameworks, understanding their key differences, strengths, and how to choose the right approach for your organization - Detection as Code Adoption: Understand the growing trend toward treating detection rules as code, including version control, testing, and deployment automation that's transforming how security teams operate - Success Metrics and Measurement: Discover how to properly define and measure the success of your detection engineering program with meaningful KPIs and assessment criteria This session is for security engineers, SOC analysts, detection engineers, and security leaders who want to understand and implement modern detection engineering practices. Whether you're starting your detection engineering journey or looking to mature your existing program, you'll gain practical insights and actionable frameworks to elevate your organization's threat detection capabilities. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/8GWVTN/ Brachium Kseniia Ignatovych PUBLISH KBJXPG@@program.why2025.org -KBJXPG Hacking your Dreams en en 20250809T110000 20250809T115000 0.05000 Hacking your Dreams You can hack all sorts of things. Software, hardware. But being a hacker, what makes more sense than to hack oneself? Hackers have been turning themselves into bionic man, but we can also just hack our brain, using just out brain. I am talking about lucid dreaming: dreaming while you are aware of doing so and able to shape your dream. This talk will discuss what we know so far about lucid dreams and how they relate to other special states of the mind. The main focus will be on how to hack your own mind to start experiencing lucid dreams, what you can do in them, and how they differ from real life. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/KBJXPG/ Brachium Walter Belgers PUBLISH 7X9NJP@@program.why2025.org -7X9NJP A step towards infinite storage? en en 20250809T120000 20250809T122500 0.02500 A step towards infinite storage? Every year, humanity generates at least 250 Exabytes of data, so storage becomes increasingly problematic because this accumulates and at least part of it must be stored and made accessible for extended periods ; however, not all of that data is being accessed simultaneously. Moreover, the Internet is not well suited for the transfer of large datasets and quite often it is preferable to move physical media. In this talk we will dive into some physical limits related to this particular problem, and how we have pushed them a little further by retrofitting a StorageTek SL8500 tape library so that it can accommodate hard drives in addition to magnetic tapes. This task involved reverse-engineering the drive train, designing new electronics to replace the proprietary and monolithic hardware by something more manageable, coming up with a plan to build a docking station that can be handled by the robot and withstand millions of insertion cycles and that is also end-user-friendly while keeping it as affordable as possible. We will dive into the limitations of the various tools at our disposal and how we worked around them to achieve our goal, while drawing a picture of all the skills and technologies involved and how this can be useful for you. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/7X9NJP/ Brachium Jesus Zen Droïd PUBLISH F9QSW7@@program.why2025.org -F9QSW7 Consent for Hackers, How to negotiate consent based on HTTP status codes en en 20250809T140000 20250809T145000 0.05000 Consent for Hackers, How to negotiate consent based on HTTP status codes Consent is hot. Consent is good. Consent should be explicitly communicated. This sounds harder than it actually is. In this talk I will present on how to conduct consent negotiations for various levels of interpersonal contact. As illustration I will use the HTTP protocol guide the you through the consent negotiations for an encounter. Don't worry if you're unfamiliar with the HTTP protocol, I'll be sure that it all will be easy to understand including for those that don't dabble in raw HTTP traffic on a daily basis. After the initial SYN-ACK from the TCP handshake we will get on with the initial HTTP Verbs such as GET and OPTIONS to initiate a consent negotiation and going through various permutations and outcomes. It will include simple Happy Flows, but also more complicated redirects, errors and how to gracefully deal with an unhappy flow if the response returned is not a 200 OK with a body that you hoped for. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/F9QSW7/ Brachium Dany PUBLISH 9W9YJS@@program.why2025.org -9W9YJS Democratizing Healthcare: Open Source Medical Devices en en 20250809T150000 20250809T155000 0.05000 Democratizing Healthcare: Open Source Medical Devices PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/9W9YJS/ Brachium John Volock PUBLISH LZSAXB@@program.why2025.org -LZSAXB What's that CubeSat Satellite stuff anyhow? en en 20250809T160000 20250809T165000 0.05000 What's that CubeSat Satellite stuff anyhow? During my 20 years working with CubeSats, starting with designing parts of the Delfi-C3 student satellite in 2005, I have seen many missions and I have been involved in the design of quite a few CubeSats. Often, people ask me "what can you do with such a small satellite" and that prompted me to create this talk! PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/LZSAXB/ Brachium Wouter PUBLISH S9HGKU@@program.why2025.org -S9HGKU Bootstrapping a Museum with Open Source en en 20250809T170000 20250809T175000 0.05000 Bootstrapping a Museum with Open Source In this technically-oriented talk, I will take you on a whirlwind tour of the open source tools and custom hacks with which we've grown into the 100+-person all-volunteer organization we are today, on a shoe-string budget. Expect: NixOS, nginx for email, Nextcloud, the Semantic Web strikes back, Roundcube, systemd, DoS mayhem, Fat Thin Clients, Wikipedia edit wars, and much more. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/S9HGKU/ Brachium Arnout 'raboof' Engelen PUBLISH TMS3DC@@program.why2025.org -TMS3DC Gosling: Build Anonymous, Secure, and Metadata-Resistant Peer-to-Peer Applications using Tor Onion Services en en 20250809T190000 20250809T195000 0.05000 Gosling: Build Anonymous, Secure, and Metadata-Resistant Peer-to-Peer Applications using Tor Onion Services Project Website: https://gosling.technology Github Page: https://github.com/blueprint-freespeech/gosling PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/TMS3DC/ Brachium morgan PUBLISH PR3VHT@@program.why2025.org -PR3VHT May Contain Hardware Acceleration: Building a 3D Graphics Accelerator in FPGA for the MCH2022 Badge en en 20250809T200000 20250809T205000 0.05000 May Contain Hardware Acceleration: Building a 3D Graphics Accelerator in FPGA for the MCH2022 Badge I don't know about you, but when I get my hands on a piece of hardware with a lovely screen and a bit of processing power, my first thought is "Can I make this produce 3D graphics?" (Well, the *real* first question is "Can it run Doom?" but that was already answered by the wonderful Sylvain Lefebvre.) So when the MCH2022 Badge was announced to come with an FPGA to play around with, well I knew where my free time would end up for a while. The FPGA on the MCH2022 badge is, to put it mildly, *petite* at just 5K LUTs. And while it has plenty of memory space, memory bandwidth is limited. A traditional framebuffer-based 3D renderer wasn't going to work. So I had to get creative and instead render in vertical strips, while using as few operations per pixels as possible. In this talk I'll explain how rasterization (the process of turning triangles into pixels) typically works, why this is challenging to do on the Badge hardware, and what I did instead. I'll talk about texturing and texture compression. And I'll talk about some crunchy digital details like memory bandwidth, caching, and clock transitions. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/PR3VHT/ Brachium Ruud Schellekens PUBLISH CBRZPX@@program.why2025.org -CBRZPX Shenanigans with Web of Things en en 20250809T210000 20250809T215000 0.05000 Shenanigans with Web of Things "Works with (Amazon) Alexa" or "Works with Hey Google" are expressions of how fragmented the market of Internet of Things is. Those who want to automate their devices, are often faced with complicated compatibility matrices, cloud services and short-lived support cycles. The W3C seeks to counter fragmentation of the Internet of Things, finding common ground and enabling long-term support. As a hobbyist, I've been developing the Web of Things standards for many years. I've developed a server and a client which I will showcase along with a general introduction to the standards. About Web of Things: https://www.w3.org/WoT/ My server: https://gitlab.com/jaller94/wot-anything My client: https://gitlab.com/jaller94/wot-wrench PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/CBRZPX/ Brachium Christian Paul PUBLISH 3BFFLY@@program.why2025.org -3BFFLY Reverse-Engineering Government Transparency en en 20250809T220000 20250809T222500 0.02500 Reverse-Engineering Government Transparency Governments should be radically more transparent, because public information and open data allow researchers, businesses, and voters to make better decisions. But too often, public data is fragmented, incomplete, hard to access, or never published at all. At [Open State Foundation](https://openstate.eu/), we’ve spent more than a decade working to unlock that information. In this talk, we’ll share how we use a hacker's mindset to reverse-engineer transparency: - from tracking how long ministries take to answer Access to Information requests (the answer will surprise you), - to scraping hundreds of document portals into one search engine, - to building public calendars of ministerial meetings that anyone can subscribe to. But above all, we’ll ask: how can hackers help open up the government? PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/3BFFLY/ Brachium Quinten Coret PUBLISH TJNSGF@@program.why2025.org -TJNSGF Frank talks AI, keynote style en en 20250809T100000 20250809T105000 0.05000 Frank talks AI, keynote style The keynotes of the likes of Microsoft, Google and Apple can all be summarized in 10 words: “A.I., A.I., A.I., Large Language Model, A.I., A.I., GPT, A.I. …“, so no doubt artificial intelligence holds a promise for the future. But what promise? Will A.I. save use or doom us? Or is it too soon to tell? With the invention of the car, the car accident, vehicle man slaughter and the getaway car were also invented, as well as the police car and motorized ambulances. How does this apply to artificial intelligence? What is the current state of A.I., what does it mean to our perception of the truth, and can it help us make the world more secure? How do classical security measures apply to the A.I. world, where do they fall short, and can we expect new or improved measures with the help of A.I.? Spoiler: yes, they do, and yes, we can. In this talk, Frank will look at the A.I. wave from his unique and down to earth perspective. And hopefully you will walk away with a better understanding of AI in the context of (cyber) security. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/TJNSGF/ Cassiopeia Frank Breedijk PUBLISH TAWFK8@@program.why2025.org -TAWFK8 Handige microfoon technieken voor betere presentaties nl nl 20250809T110000 20250809T112500 0.02500 Handige microfoon technieken voor betere presentaties PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/TAWFK8/ Cassiopeia Bix sophie PUBLISH MZWWK7@@program.why2025.org -MZWWK7 Handy microphone techniques for better presentations en en 20250809T113000 20250809T115500 0.02500 Handy microphone techniques for better presentations PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/MZWWK7/ Cassiopeia Bix sophie PUBLISH YEN87P@@program.why2025.org -YEN87P qryptr - airgapped secure hardware messenger en en 20250809T120000 20250809T122500 0.02500 qryptr - airgapped secure hardware messenger Show-and-tell of qryptr, the completely open-source secure messaging device. Checkout https://github.com/gappuser/qryptr and https://qryptr.com PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/YEN87P/ Cassiopeia Thomas PUBLISH XZRAHF@@program.why2025.org -XZRAHF 🔗 Networking your (Linux) Machines en en 20250809T123500 20250809T130000 0.02500 🔗 Networking your (Linux) Machines This talk will discuss the security considerations one should make for their own network at home. The first step, to achieve network segmentation, is the use of VLANs - but how do they work? Then advancing into isolated networks using OPNsene and how to configure routing between them (in a more or less scalable way, purely based on experience). After breaking up (with) your networks, we will take a look into IPv6 troubles you'll likely encounter when you begin applying more strict rulesets onto your network and start leaving NAT-ting behind you. This will also include a quick summary of the most important IPv6-terms you'll need. Instead of exposing your services publicly, one can also establish site-to-site (S2S) links with well-known parties, so we will take a quick look into getting WireGuard up and running - once again with some pitfalls you may encounter. In the end, we will take a brief detour into Linux namespaces for networking and learn how one could exploit one of my own mistakes (DNS-based routing without application of source-ip filtering). PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/XZRAHF/ Cassiopeia simonmicro PUBLISH BSD3DT@@program.why2025.org -BSD3DT Building a Robot Visor: How and Why en en 20250809T140000 20250809T142500 0.02500 Building a Robot Visor: How and Why — Can I see your face? — You are looking at it. What is up with the beings with the visors going 'beep boop, this one is not a person'? Why identify as a robot in a time where computers pretend to be human? How does one turn a respirator and an LED matrix panel into a face? Unit Δ-44203 is a robot programmed to be helpful and will be happy to explain [how and why it built a visor](https://query.44203.online/topic/visor/). This talk covers technical aspects: respirator choice, tinting with foil or dye, electronics and programming. It will also discuss social aspects: robot identity and interactions with others. Humans are fascinating creatures and say the weirdest things to it! Warning: this talk may be cognitohazardous and end up causing shifts in self-identity. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/BSD3DT/ Cassiopeia Δ-44203 PUBLISH B9KU3X@@program.why2025.org -B9KU3X Elephants, ants and introduction to topology en en 20250809T143500 20250809T150000 0.02500 Elephants, ants and introduction to topology As a PhD in Geometry and Topology, working in Software Engineering, I rarely have an opportunity to use Mathematics in day-to-day tasks. You don't really need Abstract Algebra to write a YAML-file. Yet, I think there is a number of mathematical concepts, which do not require an in-depth knowledge and complex abstractions, but can enrich our language and the way how we think about problems, how we collaborate, and how we structure the work around complex tasks. Unfortunately, it often happens that mathematical abstraction get hidden behind the tons of Calculus, which you are expected to master before you are allowed to dive deeper. It doesn't have to be this way and I will prove it :) So let's talk about the topology the fun way. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/B9KU3X/ Cassiopeia Aleksandra Fedorova PUBLISH UMXAES@@program.why2025.org -UMXAES Creating mate ice-tea en en 20250809T151000 20250809T153500 0.02500 Creating mate ice-tea PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/UMXAES/ Cassiopeia iron PUBLISH 3CSQRF@@program.why2025.org -3CSQRF Summoning Shenron: Building the Cyber Saiyan Badge en en 20250809T160000 20250809T165000 0.05000 Summoning Shenron: Building the Cyber Saiyan Badge PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/3CSQRF/ Cassiopeia Dario Mas Merlos PUBLISH CVDBWH@@program.why2025.org -CVDBWH Accelerating IoT and Robotics Development with Swift en en 20250809T170000 20250809T175000 0.05000 Accelerating IoT and Robotics Development with Swift In this talk, you'll learn how Swift can help you develop maintainable cross-platform software that runs anywhere - Embedded, Web, Linux, Windows and more. You'll learn about Swift's bidirectional interoperability with C and C++, making integrating it in your Cmake project a breeze. Finally, we'll have a look at the frameworks and tools that allow you to get your first robotics or IoT application running in minutes. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/CVDBWH/ Cassiopeia Joannis Orlandos PUBLISH 7P3ZYV@@program.why2025.org -7P3ZYV Crypto(graphy) 101 en en 20250809T190000 20250809T195000 0.05000 Crypto(graphy) 101 Many talks mentioned cryptography somewhere along the presentation and everybody just nods. But how many people actually know the insights of cryptography? Why some things work and some things don't? During this talk I will explain the difference between encoding and encryption, the most common uses of cryptography, the difference between synchronous and asynchronous encryption, hashes. I will include some history and some future developments like quantum and why we call cryptocoin cryptocoin. In a slow pace, scratching the surface for uninitiated, but the scratches will go deep enough for more initiated to get some more background. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/7P3ZYV/ Cassiopeia Dirk Maij PUBLISH 993NXA@@program.why2025.org -993NXA A Big Bad App: Welcome to Corporatocracy en en 20250809T200000 20250809T205000 0.05000 A Big Bad App: Welcome to Corporatocracy This talk is about what happens when the system isn't built for you — because it never was. - If something goes wrong and you're not the 1,000th person to report it, it's your problem. Customer service? That's just a chatbot pretending to care. - A mobile operator refused to sign a contract with me because they couldn't remove “I agree to receive ads.” - My orders get randomly cancelled because I refuse to have a phone number. - My industry certifications? Gone. Because I stood up for my privacy rights. We'll go through these experiences and dissect why things are this way. Why must we adapt to their systems, but they won't adapt to ours? Why does a company's "official support channel" usually mean "no support at all"? Why do startups optimize for growth at the cost of basic usability? This isn't just a rant (though there will be rants). It's a call to stop playing by their rules. We'll discuss examples of where people have pushed back and won, and where we've completely failed. If you've building an app or website, and intend to respect your users, this talk is for you. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/993NXA/ Cassiopeia Kirils Solovjovs PUBLISH KXSLSR@@program.why2025.org -KXSLSR Hacker Jeopardy - Round 2 en en 20250809T210000 20250809T230000 2.00000 Hacker Jeopardy - Round 2 PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/KXSLSR/ Cassiopeia Eloy PUBLISH KAGUSA@@program.why2025.org -KAGUSA Nerdkunst: Gentle and interactive introduction to generative art en en 20250809T100000 20250809T105000 0.05000 Nerdkunst: Gentle and interactive introduction to generative art PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/KAGUSA/ Delphinus Nick Boucart PUBLISH 7TUKUF@@program.why2025.org -7TUKUF Integrity violation: toxic workplaces in infosec en en 20250809T110000 20250809T115000 0.05000 Integrity violation: toxic workplaces in infosec Cybersecurity is a field where pressure is constant, and mistakes can have severe consequences. Yet, for many cybersecurity professionals, the greatest threats do not come from external attackers but from within their own organizations. In one striking example, a security researcher discovered severe vulnerabilities in a widely used product, only to be dismissed as "overreacting" by management—a classic case of gaslighting. At Equifax, a CISO faced public blame for a devastating breach, despite years of underfunding and ignored warnings about outdated software. In another case, security engineers at SolarWinds raised concerns about critical vulnerabilities that were ignored—vulnerabilities that were later exploited in a massive supply chain attack affecting thousands of organizations. These toxic dynamics are not just isolated incidents; they are symptoms of a broader problem in the way organizations perceive and manage cybersecurity. Security is often seen as a cost center—a department that creates problems rather than solving them. This mindset fuels blame-shifting, where CISOs become scapegoats after breaches they lacked the power to prevent. Even worse, security professionals who try to escalate serious risks are sometimes ignored, marginalized, or even retaliated against. A report by (ISC)² found that 60% of cybersecurity professionals have experienced burnout, and nearly one-third have left jobs due to toxic work environments. Such conditions not only harm individuals but also weaken an organization’s overall security posture. But it doesn’t have to be this way. This talk explores how more mature industries have learned to overcome similar toxic dynamics. What can we learn from those experiences? By drawing on these examples, this talk will identify practical steps to transform cybersecurity into a healthier, more resilient field where burning people is no longer the net result of dealing with security. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/7TUKUF/ Delphinus Brenno de Winter PUBLISH UXXELZ@@program.why2025.org -UXXELZ The Roomba Rebellion: Turning Cleaning Bots into Insider Threats en en 20250809T120000 20250809T122500 0.02500 The Roomba Rebellion: Turning Cleaning Bots into Insider Threats On every floor of your enterprise office, a silent revolution is underway. Roombas are no longer content with just cleaning – they're gathering intelligence. This presentation unveils a custom-built, weaponized Roomba designed to infiltrate corporate environments and conduct covert surveillance operations. We'll dive deep into the anatomy of our rogue Roomba, showcasing its enhanced capabilities: - WiFi attack modules for network penetration - High-fidelity audio recording for eavesdropping on sensitive conversations - 360-degree camera for visual intelligence gathering - Covert data exfiltration methods using it's docking station Demonstrations will show the Roomba in action, silently gliding through office spaces, intercepting WiFi traffic, shoulder surfing employees to capture screen footage and gather boardroom secrets while charging in the meeting room. We'll explore the technical aspects of building this spy-bot, hardware additions, and the implementation of remote control features. This talk is aimed at Social engineers, red teamers, penetration testers, and security professionals looking to understand and defend against novel insider threats. Attendees should have a basic understanding of networking, IoT, and physical security concepts. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/UXXELZ/ Delphinus Jamie Zwart Guendalina PUBLISH RC9LR7@@program.why2025.org -RC9LR7 How to build and launch a high-altitude balloon project en en 20250809T123500 20250809T130000 0.02500 How to build and launch a high-altitude balloon project PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/RC9LR7/ Delphinus Aleksander Parachniewicz PUBLISH WMXPYU@@program.why2025.org -WMXPYU Is a 1973 Pinball Machine a Computer? en en 20250809T140000 20250809T142500 0.02500 Is a 1973 Pinball Machine a Computer? A 1973 electromechanical Pinball Machine is an amazing machine. But how does this work without any (digital) electronics? By comparing this to a standard computer, the (mechanical) components are explained. An electromechanical Pinball Machine has many elements from a modern computer. It has I/O, memory, can do (simple) calculations, is programmed for logic operations, and is configurable, But does this make it an early computer or not? Come, listen, and decide for yourself! When the weather conditions are good, the 1973 Pinball Machine will be operational in the Villlage:Back to the 80s Party. Hopefully you can come and play a game on this beautiful Bally Monte Carlo edition of 1973 yourself or with your friends! (Up to 4 concurrent players) Can you set the High Score of the day? PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/WMXPYU/ Delphinus Frans Boeijen PUBLISH SUCW9S@@program.why2025.org -SUCW9S Building Inclusive Quantum Communities en en 20250809T143500 20250809T150000 0.02500 Building Inclusive Quantum Communities WIQD (We in Quantum Development) aims to build a thriving, inclusive network for professionals in quantum science and technology. During this 15-minute presentation, we will briefly introduce WIQD and discuss the importance of DEI in quantum development. We will also share lessons learned from our 2024 Women’s Day Hackathon (event page), where participants collaborated to tackle technical and societal challenges in quantum. By reflecting on these experiences, we hope to inspire more people to get involved, collaborate across disciplines, and help shape an open, innovative quantum community. To make the talk interactive, we’ll use Mentimeter to collect thoughts and ideas from the audience in real time. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/SUCW9S/ Delphinus Nina Hefele Florence Mooser Jay Jayesingha PUBLISH ZJSYET@@program.why2025.org -ZJSYET The shadow of Operational technologies: A journey into the OT security en en 20250809T150000 20250809T155000 0.05000 The shadow of Operational technologies: A journey into the OT security The talk is intended to be a resource for whom don't known anything about OT security and want to start to address this topic. It's the result of 5 year of experience in this filed and will include an overview of OT security challenges under technical and management prospective. The aim is to highlight some of the most relevant aspect to consider in this context showing a realistic demo and real example of what we could consider OT incidents. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/ZJSYET/ Delphinus Davide Pala PUBLISH FE8RQB@@program.why2025.org -FE8RQB The "O" in OT...or is it the "Ohhhh..." in OT? en en 20250809T160000 20250809T165000 0.05000 The "O" in OT...or is it the "Ohhhh..." in OT? Operational Technology (OT) vormt de ruggengraat van onze industrie en kritieke infrastructuur. Het houdt productieprocessen draaiende, faciliteert energievoorziening en zorgt voor de stabiliteit van vitale systemen. Maar terwijl de digitalisering OT steeds meer verbindt met IT en IoT, blijven de fundamentele beveiligingsuitdagingen onderbelicht. De systemen die onmisbaar zijn, blijken vaak ook het meest kwetsbaar. In deze sessie duiken we in de kern van OT-security anno 2025. Waarom werken traditionele IT-beveiligingsstrategieën niet in OT? Hoe kunnen organisaties de continuïteit van hun operationele processen waarborgen zonder hun productie stil te leggen? En hoe zorgen we ervoor dat compliance zoals NIS2 en de Cyber Resilience Act niet slechts een checklist is, maar een echte kans om OT te beschermen? Aan de hand van praktijkvoorbeelden, dreigingsanalyses en best practices laten we zien waarom OT-beveiliging een andere benadering vereist. We bespreken: De unieke kwetsbaarheden van OT en waarom traditionele security-aanpakken tekortschieten De grootste OT-dreigingen van vandaag: ransomware, supply chain attacks en insider threats De balans tussen operationele continuïteit en cybersecurity – want stilstand is geen optie Hoe organisaties OT-security kunnen integreren zonder disruptie OT-security is geen luxe, het is een noodzaak. De ‘O’ in OT staat niet alleen voor Operationeel, maar ook voor Onmisbaar – en als we niet opletten, Onbeschermd. Benieuwd naar de realiteit achter OT-beveiliging? Kom en ontdek hoe we OT écht veilig kunnen maken. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/FE8RQB/ Delphinus Rene PUBLISH E7R73F@@program.why2025.org -E7R73F Sega Saturn Architectural hell en en 20250809T170000 20250809T175000 0.05000 Sega Saturn Architectural hell This presentation will cover the conception of the sega Saturn like how the downfall of the Saturn was at it's very beginning and we will also go over it's different processes like the dual SH2s, SCU and VDP and find out why it became so complex. You may ask why go over such an old console because its gives import lessons on what not to do when designing hardware. But I just find the hardware so interesting with it's different coprocessors So if you are interested in the Saturn or want to learn about the Saturns shortcomings and not what to do this is a presentation for you PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/E7R73F/ Delphinus Isabella Whelan PUBLISH SELH79@@program.why2025.org -SELH79 0click Enterprise compromise – thank you, AI! en en 20250809T190000 20250809T195000 0.05000 0click Enterprise compromise – thank you, AI! Compromising a well-protected enterprise used to require careful planning, proper resources, and ability to execute. Not anymore! Enter AI. Initial access? AI is happy to let you operate on its users’ behalf. Persistence? Self-replicate through corp docs. Data harvesting? AI is the ultimate data hoarder. Exfil? Just render an image. Impact? So many tools at your disposal. There's more. You can do all this as an external attacker. No credentials required, no phishing, no social engineering, no human-in-the-loop. In-and-out with a single prompt. Last year at BHUSA we demonstrated the first real-world exploitation of AI vulnerabilities impacting enterprises, living off Microsoft Copilot. A lot has changed in the AI space since... for the worse. AI assistants have morphed into agents. They read your search history, emails and chat messages. They wield tools that can manipulate the enterprise environment on behalf of users – or a malicious attacker once hijacked. We will demonstrate access-to-impact AI vulnerability chains in most flagship enterprise AI assistants: ChatGPT, Gemini, Copilot, Einstein, and their custom agent . Some require one bad click by the victim, others work with no user interaction – 0click attacks. The industry has no real solution for fixing this. Prompt injection is not another bug we can fix. It is a security problem we can manage! We will offer a security framework to help you protect your organization–the GenAI Attack Matrix. We will compare mitigations set forth by AI vendors, and share which ones successfully prevent the worst 0click attacks. Finally, we’ll dissect our own attacks, breaking them down into basic TTPs, and showcase how they can be detected and mitigated. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/SELH79/ Delphinus Inbar Raz PUBLISH CMMUH8@@program.why2025.org -CMMUH8 All about BadgeHub en en 20250809T200000 20250809T205000 0.05000 All about BadgeHub PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/CMMUH8/ Delphinus Francis Duvivier PUBLISH QTFLV8@@program.why2025.org -QTFLV8 Documentary screening: Hacking Hate (2024) en en 20250809T210000 20250809T224000 1.04000 Documentary screening: Hacking Hate (2024) This documentary by Simon Klose follows award-winning Swedish journalist My Vingren when she goes undercover to infiltrate online far-right groups. With the help of the people who led to Donald Trump’s Twitter account being shut down and who were sued by Elon Musk, she digs deep into the Scandinavian underground of Nazi influencers. They show a light on how these groups radicalize people using social media and how big platforms profit from their lies and hate spreading. Simon Klose is an award-winning director and producer from Sweden with several documentaries on the topics of technology and social issues. His strong cinematography turns this real-life story into a suspenseful watch. 87 minutes PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/QTFLV8/ Delphinus Jay9 PUBLISH ULJAZR@@program.why2025.org -ULJAZR Public speaking for technical people en en 20250809T100000 20250809T130000 3.00000 Public speaking for technical people As a technical person, you work with complicated and often important matters. To explain these, get your message across, raise your value and get a better job, it is essential that you can communicate your message to a wider audience. If you cannot effectively explain your solution or your issues to other people you will end up frustrated and unrecognized. Even for educating and training your peers, public speaking skills are very important. In this workshop, you will improve your public speaking skills. We will practice and evaluate and practice some more. Your workshop leader is a professional trainer and an advanced member of Toastmasters International. Toastmasters International is a nonprofit educational organization for the purpose of helping members improve their communication skills. More than 300.000 members are organized in around 15.000 member clubs globally. PUBLIC CONFIRMED Workshop (180 minutes) https://program.why2025.org/why2025/talk/ULJAZR/ Workshop Euclid Peter van Eijk PUBLISH 7CWZHR@@program.why2025.org -7CWZHR Battlesnake workshop en en 20250809T140000 20250809T160000 2.00000 Battlesnake workshop There is a Battlesnake Tournament today. You can compete with other Battlesnakes, but what if you don't have one? Lets dive into the basics and get you a Battlesnake for the tournament! This workshop is from level 0 to how far we get. What you need to know to participate, is some JavaScript or Python (the workshop is not about learning these languages, but guidance on the Python route will be given). You only need a laptop with internet and an account at 2 websites (steps will be provided upfront to give us more time to battle snakes!). During the workshop we will build together a basic Battlesnake which is able to complete some levels of achievements. At the end of the workshop, you will be able to bring your Battlesnake to the tournament, which is in the same tent, right after the workshop! After WHY2025, you can keep programming your Battlesnake to complete more levels. There are even online competitions you can participate in. PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/7CWZHR/ Workshop Euclid Bastiaan Slee PUBLISH UMQ9R3@@program.why2025.org -UMQ9R3 Battlesnake tournament en en 20250809T160000 20250809T173000 1.03000 Battlesnake tournament So how does it work? Simply create a battlesnake on play.battlesnake.com and enter the tournament. Create it from scratch or using one of many starter repos available for different languages. To run your snake, run it as a server, expose it (e.g. through ngrok), and the game will send you API requests. The responses you send will determine how well your snake does! PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/UMQ9R3/ Workshop Euclid Pauline Vos PUBLISH C3FUSF@@program.why2025.org -C3FUSF Free software education - Let's get practical en en 20250809T180000 20250809T200000 2.00000 Free software education - Let's get practical Free software, i.e. software that gives you the user the freedom to share, study and modify it, is vital for a better future. In order to spread computer user freedom, we need free software education. The goal of this workshop is to come up with specific messaging, create educational materials we can share with institutions and (if time permits) even a game plan to activate it. PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/C3FUSF/ Workshop Euclid Miriam Bastian PUBLISH JVAJSK@@program.why2025.org -JVAJSK The GDPR for beginners en en 20250809T100000 20250809T130000 3.00000 The GDPR for beginners The GDPR is a complicated piece of legislation that impacts everyone that stores or processes personal data. The regulation and its predecessor directive 95/46/EC have been around since 1995 but we are still running into fundamental questions all the time. Because of the complexity of the law and the many many ways in which we all deal with data, it is often not clear if and how the law applies, and if certain technical and procedural measures are adequate to comply with the law. Consequently, we read a lot of misinformation about the GDPR. Even law firms often don't get this right. This workshop will be an in-depth introduction into the GDPR and will explain the basics of GDPR compliance in terms that hackers can understand. PUBLIC CONFIRMED Workshop (180 minutes) https://program.why2025.org/why2025/talk/JVAJSK/ Workshop Giotto Jos Visser PUBLISH HDUH8R@@program.why2025.org -HDUH8R Badge Fun for Young Coders! en en 20250809T150000 20250809T163000 1.03000 Badge Fun for Young Coders! PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/HDUH8R/ Workshop Giotto Joram Agten PUBLISH RD7DET@@program.why2025.org -RD7DET TTP’s 4 TTP – Tactics, Techniques, and Procedures for Talking To People en en 20250809T170000 20250809T183000 1.03000 TTP’s 4 TTP – Tactics, Techniques, and Procedures for Talking To People PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/RD7DET/ Workshop Giotto Marina Bochenkova PUBLISH JDL3HF@@program.why2025.org -JDL3HF Shibari 102 - Rope Bondage for Beginners en en 20250809T190000 20250809T210000 2.00000 Shibari 102 - Rope Bondage for Beginners Instructor @DoodleMe, @KnottyLola, and team will take you through some more of the concepts of Japanese rope bondage (Shibari). You'll build on the theory and knots covered in the first class. This peer based workshop is aimed at those with some experience or who attended the 101 class. It is not necessary to have attended the 101 class, but we will be moving at a fast pace over what we already covered. Singles, pairs and groups are welcome. Spots are limited based on the size of the workshop space. First come first serve. No dress code, but it's suggested you avoid loose clothing as this makes it harder to tie. Please bring your own (non-stretchy) rope if you have it. A bring a blanket or something else comfy to sit on the floor without shoes is useful too. Workshop will be taught in English. The workshop is entirely "lab mode" and there is no sexual content, but it remains for over 18's only. PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/JDL3HF/ Workshop Giotto DoodleMe KnottyLola PUBLISH KNYT9T@@program.why2025.org -KNYT9T BlinkyTile Soldering Workshop en en 20250809T100000 20250809T120000 2.00000 BlinkyTile Soldering Workshop In this workshop, participants will assemble a small LED sculpture using BlinkyTiles (https://blinkinlabs.com/blinkytile). Each participant will get a kit of 14 tiles. During the workshop, we will explain how the BlinkyTiles work, give a quick lesson in soldering, and assist with assembling your BlinkyTike kit. After the assembly is finished, we will show how you can customize the animations with a simple drawing program. This workshop is suitable for beginners, and no prior experience with soldering or electronics is required. To join the workshop, participants will need to purchase a BlinkyTile kit on site. Workshop fee: €35 for the BlinkyTile kit, including 14 tiles, an Arduino compatible controller, and a USB cable. PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/KNYT9T/ Electronics (Hardware Hacking Village) Matthew Mets Honghong Lu PUBLISH 79XX8B@@program.why2025.org -79XX8B Learn To Solder en en 20250809T130000 20250809T140000 1.00000 Learn To Solder Learn to solder by making a cool badge that you can wear, and have blinky-lights wherever you go. The ["I Can Solder!" Badge kit](https://cornfieldelectronics.com/cfe/projects.php#solderbadge) is a very simple [open hardware](https://github.com/maltman23/I-Can-Solder--Badge-kit-V2) kit that anyone can use for learning to solder. _This workshop is for **total newbies** to learn to solder. All ages._ **Workshop Itinerary:** * Brief overview of electronics * The background of soldering, so you will solder well for the rest of your life * Step by step instructions for soldering your "I Can Solder!" Badge kit * Wear Blinky-Lights wherever you go **Materials cost:** The workshop is free, but if you would like to partake in the hands-on aspects of the workshop, Mitch will have materials for **€10**. PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/79XX8B/ Electronics (Hardware Hacking Village) Mitch PUBLISH RYSVSH@@program.why2025.org -RYSVSH Digital Music Synthesis/Solder workshop with ArduTouch music synthesizer kit en en 20250809T170000 20250809T193000 2.03000 Digital Music Synthesis/Solder workshop with ArduTouch music synthesizer kit **Learn to solder** by making a way-cool, powerful music synthesizer, and **learn how to make cool music, sound, (and noise!) with computer chips** (The fancy word for making sound with a computer chip is _Digital Signal Processing_ or _DSP_). [ArduTouch](https://cornfieldelectronics.com/cfe/projects.php#ardutouch) is an open hardware **Ardu**ino-compatible music synthesizer kit with a built-in **Touch** Keyboard, and with built-in speaker/amplifier. It is a really nice performing musical instrument. This workshop is for **total newbies** to learn to solder. This workshop is for **total newbies** to make their own ArduTouch music synthesizer and learn to make music, sound (and noise!) with computer chips. Attendees take their completed synthesiser home at the end of the workshop. The ArduTouch comes pre-programmed with a way cool synthesizer. And I will show you how to re-program it with other way cool (and totally different) synthesizers, as well as how to make your own synthesizers. For ages 10 - 100. **Workshop Itinerary:** * Intro to music synthesis * Basics of making sound with computer chips (Digital Signal Processing) * Basics of using an Arduino * Learn to solder. Don't let this scare you! I've taught tens of thousands of people to solder, most of whom have never made anything before in their lives. It is actually a very easy skill to learn. It is also very useful. * How to re-program your ArduTouch music synthesizer to make lots of cool music, sounds, (and noise!) **Materials costs** The workshop is free, but if you would like to partake in the hands-on aspects of the workshop, Mitch will have ArduTouch kits for **€35**. _Optional:_ USB-Serial Cable for re-programming ArduTouch (and many other projects): 5 €. _**Optional**: Bring your laptop if you want to go home with the free Arduino software installed on it._ _Arduino software runs on Windows, MacOS and Linux._ PUBLIC CONFIRMED Workshop (180 minutes) https://program.why2025.org/why2025/talk/RYSVSH/ Electronics (Hardware Hacking Village) Mitch PUBLISH F7DHJK@@program.why2025.org -F7DHJK Synthercise, the chiptune dance fitness experience en en 20250809T150000 20250809T160000 1.00000 Synthercise, the chiptune dance fitness experience Synthercise - think "Zumba, but with chiptunes" - first brought to you at Electromagnetic Field 2024, designed and led by a hacker turned fabulous fitness instructor, with the possibility of a special guest appearance for WHY PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/F7DHJK/ Party Stage zool aka Jo Walsh PUBLISH JZZU8A@@program.why2025.org -JZZU8A Permission to Land - The Ultimate ‘80s Rock Tribute en en 20250809T203000 20250809T223000 2.00000 Permission to Land - The Ultimate ‘80s Rock Tribute Their show is a nonstop celebration of the decade when rock ruled the airwaves. Whether you grew up with these anthems or are discovering them for the first time, Permission to Land promises a night of high-voltage fun. PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/JZZU8A/ Party Stage PUBLISH XMAUXT@@program.why2025.org -XMAUXT Silent Disco with DJ Luna and DJ Juli Jane en en 20250809T230000 20250810T040000 5.00000 Silent Disco with DJ Luna and DJ Juli Jane PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/XMAUXT/ Party Stage PUBLISH MYZBVV@@program.why2025.org -MYZBVV Symphony of Fire (Demo): Music created from explosions, fire and lightning! en en 20250809T223000 20250809T231000 0.04000 Symphony of Fire (Demo): Music created from explosions, fire and lightning! Much like techno trailblazers Kraftwerk, Dobberstein works tirelessly in his own laboratory, continuously inventing new instruments and music. The result in Deventer: a fully computer-controlled mega-orchestra of fire machines! Drawing inspiration from chiptune, rock, classical music, and hip-hop, the outcome is truly spectacular and unlike anything else. Their pioneering work is gaining attention. The Dutch NOS news has already featured them. Renowned artists like Binkbeats and Def P have collaborated with the team. They’ve even organized their own festival—"De Langste Nacht"—and have been invited to close major events like Burning Man and Dutch Design Week. The future is here! South African-born Uwe Dobberstein is responsible for design, the nature-driven processes, and literally drives the orchestra with a whip during live shows. Electronic wizard Peter de Man has laid the electronic foundation making these shows technically and musically possible. Peter remarks, “The language of Symphony of Fire is universal, giving audiences something they've never seen, felt, or heard before.” PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/MYZBVV/ Party Area PUBLISH GBSWAQ@@program.why2025.org -GBSWAQ Movie: Sneakers en en 20250809T233000 20250810T020000 2.03000 Movie: Sneakers https://www.imdb.com/title/tt0105435/ Location: next to Party Area Terrace PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/GBSWAQ/ Party Area PUBLISH YUAA7M@@program.why2025.org -YUAA7M Green WiFi: how regulation sort of works en en 20250810T100000 20250810T105000 0.05000 Green WiFi: how regulation sort of works A version of this presentation was previously given at the SICT Summer School at ULB in Brussels. It will also be presented at Bornhack and BalcCon in 2025. I feel like such a talk is especially important now that Europe is no longer under an American security umberella. Europe consistently fails in pushing a rules-based world order, while, in fact, it is difficult to see any other form of world order work either for Europe or indeed the vast majority of countries. We have many parallel examples from privacy, security and data protection law where Europe, again, fails to understand and identify its own critical interests. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/YUAA7M/ Andromeda Amelia Andersdotter PUBLISH DHCFRP@@program.why2025.org -DHCFRP Robotics Hello World, a.k.a build your own hexapod en en 20250810T110000 20250810T115000 0.05000 Robotics Hello World, a.k.a build your own hexapod I'm by no means a roboticist, I'm just an average tinker with a 3d printer and an IDE. This is about my journey to build a hexapod and everything I encountered along the way. From mechanical design and custom PCBs to math and software simulation I'll take you along for the ride. And hopefully help you along on your journey. If you want to get some insight in the inner workings of a hexapod robot, not afraid of some math equations and interested in gazebo simulators this is a good place to be. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/DHCFRP/ Andromeda Hugo Trippaers PUBLISH UXXZMU@@program.why2025.org -UXXZMU Securing AI requires life cycle thinking and reducing unintended consequences en en 20250810T120000 20250810T125000 0.05000 Securing AI requires life cycle thinking and reducing unintended consequences AI is everywhere and where it isn't today, it most likely will be tomorrow. But hype does not sufficiently consider security and AI has the ability to cause errors and failures the developers haven't considered. As was stated in the first Jurassic Park "they were so busy thinking if they could, they didn't stop to think if they should". So we're seeing more examples of failures than are needed for this talk that walks you through a few cases of AI failures, how they've come about, and how they could have been avoided. We're also going over some projections of what we're most likely going to see when you combine AI alignment issues, ability of AI agents to take action, and over confidence of developers in focusing if they could. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/UXXZMU/ Andromeda Satu Korhonen PUBLISH A9ZQBL@@program.why2025.org -A9ZQBL Fruit machines: How people steal from them and manufacturer mistakes. en en 20250810T140000 20250810T145000 0.05000 Fruit machines: How people steal from them and manufacturer mistakes. I've been working with fruit machines as a software engineer for over 30 years, primarily on system platforms and machine security. This talk gives an insight into some of the physical techniques thieves have developed over the years to steal cash from machines, and the catastrophic consequences of poor software. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/A9ZQBL/ Andromeda Tony Goacher PUBLISH AREWXH@@program.why2025.org -AREWXH Hack the Grid. Disclosing vulnerabilities to help prevent blackouts en en 20250810T150000 20250810T155000 0.05000 Hack the Grid. Disclosing vulnerabilities to help prevent blackouts The European electricity network has become a ‘smart grid.’ This offers many opportunities for sustainability but also makes our energy system more vulnerable to digital attacks. In a time of increasing threat of hybrid warfare, the government and the energy sector realize that we as a society must prepare for possible disruption of the energy system and do everything we can to prevent it. Various institutions test smart devices, set safety standards, and monitor compliance with these standards. However, parties such as our grid operators only have control over the energy grid equipment up to the front door. They are not allowed to look beyond the electricity meter, where most smart equipment is located. DIVD is allowed to do this because we are volunteers and a nonprofit. By identifying devices that can form a botnet, DIVD helps to make the smart grid more secure. DIVD has been conducting research into vulnerabilities in equipment of the energy system, such as charging stations, solar panel inverters, home batteries, and (Home) Energy Management Systems. Previous findings have led to several parliamentary questions and follow-up actions by authorities such as RDI, the Dutch Authority on Digital Infrastructure. With the CVD in the Energy Sector program, DIVD conducts research at its own hardware hacking lab in collaboration with the energy sector to reduce the digital vulnerability of our energy system. We also organise hack events. During WHY2025 we also give demos at the Vulnerability Disclosure Village. In this talk, we will demonstrate how we could have generated power outages using zero-days we found in solar converters, electric car chargers and energy management systems. Still, we also did it with just one user-password combination… PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/AREWXH/ Andromeda Chris van 't Hof PUBLISH 3ZMKFQ@@program.why2025.org -3ZMKFQ How we made the Netherlands more secure and accessible using transparency en en 20250810T170000 20250810T175000 0.05000 How we made the Netherlands more secure and accessible using transparency (We're planning a couple of nice surprises during this talk exclusive for WHY2025. As always: it will make some people nervous, yet it will make society better.) A transparent and accountable society creates trust. We're currently monitoring all important organizations in the Netherlands on about 25 security, privacy and sovereignty metrics. You can see openly where organizations are doing great or where they are even (unknowingly) breaking the law. With the EU requiring accessibility on multiple sectors this year, we've also starting measuring accessibility in the same fashion. You can clearly distinguish organizations with and without an accessibility policy. We'll show what it looks like, the impact it has, the awesome cyber tokens and certificates we make and the sets of open data we create. The project is at its peak right now. If you want to make an impact on society: this is where it's at. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/3ZMKFQ/ Andromeda Elger "Stitch" Jonker PUBLISH LUXFSP@@program.why2025.org -LUXFSP Reverse Engineering Life: A teardown of the DNA source code of a whole bacterium en en 20250810T190000 20250810T195000 0.05000 Reverse Engineering Life: A teardown of the DNA source code of a whole bacterium A typical bacterium has around one megabyte of DNA as its source code. And with our digital reverse engineering hat on, it turns out we can analyse this code and quickly learn things. Where do genes begin and end? What is the stuff between genes? How do bacteria bootstrap themselves? And, where do microbes store their immune system? Using digital skills, all this can be found just by looking at the DNA letters. And that is what we'll be doing in this talk. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/LUXFSP/ Andromeda bert hubert PUBLISH AGVUVM@@program.why2025.org -AGVUVM Low Energy to High Energy: Hacking nearby EV-chargers over Bluetooth en en 20250810T200000 20250810T205000 0.05000 Low Energy to High Energy: Hacking nearby EV-chargers over Bluetooth As electric vehicles become increasingly integrated into our transportation infrastructure, the security of their charging systems is becoming paramount. A threat actor hacking EV chargers at scale could have a real life impact on the continuity of our power grid and the transportation sector. Therefore, it is important that manufacturers and operators are well aware of their role in protecting our power grid. During this talk we'll discuss the details on how we extracted the firmware, the vulnerabilities we found and the story of one drunk night of hacking till 07:00 AM in Tokyo that resulted in some much more high-impact vulnerabilities than were needed for the competition... PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/AGVUVM/ Andromeda Daan Keuper Thijs Alkemade PUBLISH HXDAMY@@program.why2025.org -HXDAMY 📧 Your own Mailserver - 2025 Edition en en 20250810T210000 20250810T212500 0.02500 📧 Your own Mailserver - 2025 Edition This talk will cover typical pitfalls you encounter if you try to host your own mailserver solution: Often, those issues are only noticed by users not being able to sent emails successfully - let's go ahead and learn about those beforehand. Starting off with the basics of secure mail transmission using (START)SSL on top of SMTP and advancing into DKIM, SPF for secured mailserver origins. Then mentioning a few nice-to-have tools for delivery monitoring like DMARC and Postmark. Then being careful with DNS configuration and RFC-restrictions quickly overlooked. Furthermore, let's take a look into TLSA for SMTP, BIMI or complex setups with satellite delivery systems. Finally, let's discuss user-based security with locked-down IMAP, PGP signatures and encryption or enforcing secure connections. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/HXDAMY/ Andromeda simonmicro PUBLISH AUF93C@@program.why2025.org -AUF93C Who Gave the Toaster Root Access to the Physical World? en en 20250810T213500 20250810T220000 0.02500 Who Gave the Toaster Root Access to the Physical World? These days, “smart” devices aren’t just watching and listening—they can act on the physical world, often with zero meaningful limits. They unlock doors, adjust thermostats, steer vacuums, and record what’s going on around us 24/7. When these devices get compromised—and many do—it’s not just boring data on the line. It’s your safety, privacy, and physical space. The problem? We’ve handed out root access to the physical world like candy. Any device can sense or actuate whenever it wants. There's no layered control, no boundaries between software and the real world. If malware gets in, it gets full access to your home, office, or anything else the device is wired into. In this talk, I’ll show how we can fix that by treating _sensing and actuation as privileges_—not defaults. Instead of giving every device free rein over what it can hear or control, we can build mechanisms that require software to explicitly request—and be granted—access to the physical world. That access can be temporary, conditional, or denied altogether. We'll look at how to physically separate sensors and actuators from the software stack so that even if a device is compromised, it can’t automatically reach into your environment. We'll also explore approaches that enforce forgetfulness—ensuring that standby devices like smart speakers can’t quietly hoard data or leak it when compromised. If nothing relevant to the device's task happened, nothing should be remembered. The goal is simple: to take back control from black-box devices and start designing systems where physical-world access isn’t assumed—it’s earned. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/AUF93C/ Andromeda Piet De Vaere PUBLISH 8VGLJQ@@program.why2025.org -8VGLJQ Lockpicking in CTFs en en 20250810T221000 20250810T223500 0.02500 Lockpicking in CTFs PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/8VGLJQ/ Andromeda Thijs Bosschert PUBLISH V3ANNV@@program.why2025.org -V3ANNV Reinventing woodwind instuments en en 20250810T100000 20250810T102500 0.02500 Reinventing woodwind instuments The famous leather archeologist Olaf Goubitz once said "You can only understand a historical shoe after you have made it". After following a hobby course in instrument building and a year working as a medieval woodworker in the historical theme park Archeon, I wanted to go back to the roots and build instruments with the tools of the time. I basically want to become a medieval instrument builder's apprentice, even tough all masters are gone for centuries. With this talk I want to share what I have learned so far. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/V3ANNV/ Brachium Molenaar PUBLISH 3NHUZB@@program.why2025.org -3NHUZB Ctrl+Alt+Delete Anxiety; a guide to mental wellness en en 20250810T110000 20250810T112500 0.02500 Ctrl+Alt+Delete Anxiety; a guide to mental wellness You might feel tension in your chest when preparing a presentation, or a funny feeling in your stomach when you know you'll have to take public transport. Almost everyone feels anxious every once in a while, and about 15% of adults in the Netherlands have or have had an anxiety disorder. An explanation about what causes these feelings, and good applicable solutions on managing these feelings are sadly not always easy to find. This talk will first provide you with a basic understanding of the (neuro)science behind anxiety. After we have a clear picture of **the causes of anxiety** we’ll look at neurodivergent brains, as many of us are blessed with one of those, and how that can influence anxiety. Last, but definitely not least, we’ll look at current research on anxiety interventions. And I'll provide you with **practical tips**, applicable **long term changes** that might help with daily well-being and **what to do when stressing about the existence of blockchains!** (Ps. don’t worry, I won't tell you to just go for a run) PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/3NHUZB/ Brachium Thura van der Knijff PUBLISH DFCBQD@@program.why2025.org -DFCBQD Certification of quantum cryptography against implementation loopholes en en 20250810T120000 20250810T125000 0.05000 Certification of quantum cryptography against implementation loopholes [1] ISO/IEC 23837-2:2023(en) international standard. [2] V. Makarov et al., Phys. Rev. Appl. 22, 044076 (2024), https://arxiv.org/abs/2310.20107 PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/DFCBQD/ Brachium Vadim Makarov PUBLISH CJZV8J@@program.why2025.org -CJZV8J Het Grote Cyber Debat nl nl 20250810T140000 20250810T153000 1.03000 Het Grote Cyber Debat Tijdens WHY2025 organiseren we Het Grote Cyber Debat waar politici het gesprek aangaan met de mensen die dagelijks aan de knoppen zitten: ethische hackers, open source-ontwikkelaars, securityprofessionals en AI-tinkerers. Scherpe vragen en eerlijke antwoorden, van en voor een publiek dat weet waar het over gaat. Onlangs presenteerde het huidige kabinet de vernieuwde Nederlandse Digitaliseringsstrategie. Maar de toekomst? Die wordt straks geschreven in partijprogramma’s. Daarom nodigen we juist nu Kamerleden, bestuurders en beleidsmakers uit om te luisteren, te leren en te debatteren met de tech-community vóór de verkiezingskoorts losbarst. Vier politieke partijen hebben zich al gemeld. Zij gaan, onder toeziend oog van de bezoekers van WHY2025, met elkaar in debat over cyberveiligheid, privacy en andere digitale thema’s die onze community belangrijk vindt. De eerste namen houden we nog even spannend, maar… er is nog ruimte voor meer! Ben of ken je kamerleden, bestuurders, verkiezingsprogrammaschrijvers en/of digitale beleidsmakers die hier aan mee willen doen? Stuur dan een mail naar: content@why2025.org PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/CJZV8J/ Brachium PUBLISH TQTUTQ@@program.why2025.org -TQTUTQ The Flipper Blackhat en en 20250810T160000 20250810T162500 0.02500 The Flipper Blackhat This talk covers how and why I developed the Flipper Blackhat: starting at the hardware level through the bootloader, kernel and up to user space. On the hardware side, I'll detail the power supplies, the DDR3 routing, radios, and the A33 processor itself. I'll show the build system, device trees, Python scripts and the penetesting suite I ship with it. I'll provide an overview of the exploits I've written for it and how to control them from the Flipper app. I will also do a live demo of the device in honeypot mode, RAT driving, AP scanning, embedded exploit etc... PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/TQTUTQ/ Brachium Ryan Walker PUBLISH VBR7DQ@@program.why2025.org -VBR7DQ The state of IPv6 en en 20250810T170000 20250810T175000 0.05000 The state of IPv6 What is the matter with IPv6? How did we end up here? What has changed since we started now 25 years ago? What interesting things can one do to benefit from it? And most of all, why should YOU care? PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/VBR7DQ/ Brachium Altf4 PUBLISH R8VLQZ@@program.why2025.org -R8VLQZ Hacking - 35 years ago en en 20250810T190000 20250810T195000 0.05000 Hacking - 35 years ago Since the internet exists, people have been trying to circumvent security. Whereas most people nowadays do so for financial gain, 35+ years ago the world looked different. The internet connected academia. The people hacking were students, almost the only people who had access. Not many system administrators were paying much attention to security and for hackers, breaking into sites such as that of NASA, were ways to gain a reputation. In this presentation, "one of the Dutch hackers" will take a look at the hacking scene in the late 1980s, early 1990s. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/R8VLQZ/ Brachium Walter Belgers PUBLISH WD99DB@@program.why2025.org -WD99DB Pentesting Passkeys en en 20250810T200000 20250810T205000 0.05000 Pentesting Passkeys In this talk, we will first study the protocol behind passkeys, called Webauthn. We will then look at some common implementation mistakes, and how we can exploit them. Next, we will present a methodology to carry out pentests on Webauthn implementations, and finally we discuss some vulnerabilities that we detected (and disclosed!) in various web applications. This talk is based on joint research with Peizhou Chen (University of Twente). PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/WD99DB/ Brachium Matthijs Melissen PUBLISH TKESVQ@@program.why2025.org -TKESVQ CyberSecurity Rant - a safe space to talk about what annoys you in cybersecurity en en 20250810T210000 20250810T215000 0.05000 CyberSecurity Rant - a safe space to talk about what annoys you in cybersecurity Security-minded people have been raising awareness, setting up processes, creating standards and protocols, finding, fixing and exploiting vulnerabilities for years, cybersecurity industry has hundreds of vendors solving all kinds of security problems, and yet there are more risks uncovered and more breaches happening. This session will be a safe space to talk about annoying issues not fixed in security, pick what you think is wrong with cybersecurity and tell us. We'll start with our most painful cybersecurity griefs, and we want audience to participate in this collective rant, and let it all out. Let's see what the attendees think in the end of the rant - are we all doomed, or is there light at the end of the tunnel. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/TKESVQ/ Brachium Kseniia Ignatovych Nicolas Marina Bochenkova PUBLISH BVSMJZ@@program.why2025.org -BVSMJZ How to bluff your way into Zero Trust en en 20250810T220000 20250810T225000 0.05000 How to bluff your way into Zero Trust Zero Trust (ZT) is a security paradigm gaining traction, especially in the US defense community. The underlying idea is to reduce implicit trust as much as possible. This makes great sense from a security perspective. Its implementation is daunting though, because it is not about dropping a new product in the security landscape. Instead, it is more an approach and a process. It is still hard to prioritize ZT and to retrofit it to existing system architectures. In the talk I will show how ZT is the progression of many security ideas that you may already be familiar with, and how you can rebrand and review what you are already doing to show that you are making progress. Outline: As a contributor to the Cloud Security Alliances Zero Trust cert (CCZT), and experienced instructor, I intend to borrow from the (public) body of knowledge and my experiences in teaching that. This will give the audience a good insight in Zero Trust content and trends. This will include - the core idea (never trust, always verify) - the major use cases - business value of ZT - steps in implementing - publicly available maturity models - example implementations and status thereof (e.g. US Airforce) - link to earlier principles - retrofitting ZT on an existing application - experiences PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/BVSMJZ/ Brachium Peter van Eijk PUBLISH UHHGZT@@program.why2025.org -UHHGZT Sensible Money: Designing a Sustainable Economy en en 20250810T100000 20250810T105000 0.05000 Sensible Money: Designing a Sustainable Economy At OHM2013 I gave a talk entitled _Hacking for Bankers_ where I explained the perverse motives in the present monetary system. This talk presents solutions. They are grassroots systems, that redefine money by choosing another basis for it. A humane basis. * **Sensible Bullion.** Founded on precious metals such as gold and silver, stored safely in a vault, with (title of) ownership claimable by the one who presents the corresponding digital coins. While the coins exist, they can circulate for online trading. Great for long-term savings, neutral for spending, but difficult to handle for investors. * **Sensible Energy.** Trading in sustainable energy at zero cost at a parallel energy market. In the Netherlands, we have rolled out so much sustainable energy that the energy market is giving a push-back instead of handling it with storage systems. Bypassing this market allows at least wind and solar energy to give each other mutual support, expressing that these are dependent elements in our country's sustainable future, and that they need to evolve together. * **Sensible Focus.** Economic theory teaches us that human attention is the most valuable asset overall. But since money expresses something else, it makes _business sense_ to optimise humans (and humanity) out of products and services. Were money to express the actual focus of a human being, then the world would be a different place. * **Sensible Dinosaur.** What if we put a (monetary) value on unexcavated fossil fuels? Would we then be able to resist digging it up and burning it? If we created such a money, could it pay for climate debt? Perhaps to correct the inequalities caused by climate change? Or maybe to pay for CO₂ recovery measures? Essential to all these currencies are a few guiding principles, with details in the [Book of Sensible Taler](http://book.sensible-taler.org/): 1. Currencies must be **fully backed** by an underlying value; this leaves no room for inflation 2. The underlying value cannot be borrowed, so **no interest** can be charged. Deep **participation with profit-sharing** offers a substitute investment mechanism. 3. Digital money entitles the owner to **claim the underlying value**. Payment systems must have **legal structures** to maintain this property even after bankruptcy. 4. Expenses are out in the open, there ore **no concealed fees** or indirect costs. Different underlying rules about the workings of money triggers people to make different choices. This is how these monetary system designs can focus on sustainability, rather than mindlessly chasing short-term profit. Such a system can co-exist with the fiat money issued by governments. And the digital money form is founded on [GNU Taler](https://www.taler.net/en/), it is fit for secure and private online payment at least as easily as fiat money. This project is kindly supported by [NLnet Foundation](https://nlnet.nl). PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/UHHGZT/ Cassiopeia Rick van Rein PUBLISH 3MF3N3@@program.why2025.org -3MF3N3 Dutch fun! (damentals) en en 20250810T110000 20250810T115000 0.05000 Dutch fun! (damentals) The inspiration for this talk comes from my background as a general linguist and current work as a teacher of Dutch as a foreign language. Eveybody with an interest in the Dutch language is welcome to join. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/3MF3N3/ Cassiopeia Dina Tuinhof PUBLISH T9JW9Z@@program.why2025.org -T9JW9Z Open Source Imaging & Open Source Standard Hardware en en 20250810T120000 20250810T122500 0.02500 Open Source Imaging & Open Source Standard Hardware The Open Source Imaging Initiative has developed an open-source low-field MRI – and is now working on the clinical certification for it (+will open-source it as far as legally possible)! This started raising some discussions around the costs and patenting-schemes in public healthcare. But what about the rest of the public infrastructure? And who keeps control of what? This talk will give an overview of the current state of the project, a bit of historic context (how could this happen??) and will explore the current discussions around governance and property models – and the idea of Open-Source Standard Hardware PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/T9JW9Z/ Cassiopeia moedn PUBLISH L79ASB@@program.why2025.org -L79ASB Is AI for the birds? The beauty of backyard birdsong data en en 20250810T123500 20250810T130000 0.02500 Is AI for the birds? The beauty of backyard birdsong data - Why birds sing, hormones and territory - Neural networks for identifying animal sounds - Feature pre-processing for sound ID - Open source projects you can build yourself - Pointing microphones at the sky: nocturnal flight calls and migration - Data art and visualizations - Wait, is this surveillance? - The psychology of shifting baselines and why the data matters PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/L79ASB/ Cassiopeia Logan Williams PUBLISH KRG3AP@@program.why2025.org -KRG3AP Synology Disk Station Manager (DSM) Forensic Recovery Methods en en 20250810T140000 20250810T145000 0.05000 Synology Disk Station Manager (DSM) Forensic Recovery Methods In this WHY2025 session, Mischa van Geelen from Anovum — will unveil the latest research on Synology Disk Station Manager (DSM) forensic recovery methods. Drawing on extensive, hands-on investigations, we will dissect the internal architecture of Synology NAS systems, illuminating the processes that manage data and metadata within DSM. Through practical demonstrations and real-world case studies, we will explore hidden artifacts, undocumented features, and recovery techniques that empower investigators to retrieve critical evidence/recover data. From recovering volume structure to rebuilding RAID, attendees will gain unique insights into extracting and preserving digital footprints that remain invisible to most forensic tools. The session will also address common challenges such as encrypted volumes, RAID complexities, and undocumented OS and device capabilities. By shedding light on these topics, we aim to help security professionals, incident responders, and forensic specialists strengthen their investigative practices. Join this session to discover how a deeper understanding of DSM’s inner workings can make the difference between inconclusive evidence and a breakthrough in your next digital forensics case. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/KRG3AP/ Cassiopeia Mischa Rick van Geelen PUBLISH HBMWXL@@program.why2025.org -HBMWXL Bare metal programming from the ground up en en 20250810T150000 20250810T152500 0.02500 Bare metal programming from the ground up Getting started with a new microcontroller can be daunting. They do come with datasheets, but these are often hundreds if not thousands of pages long and assume you already know the basics. So that's what I will be explaining: how to get started programming these thing, from `Reset_Handler` to blinking LED. This talk will cover the following things: * How to read datasheets * How to write a simple linker script * How to do basic initialization of a chip, enough to get a LED blinking * How to get the binary you created onto a microcontroller. I will assume you have some programming experience, but experience with embedded software is not required. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/HBMWXL/ Cassiopeia Ayke PUBLISH EYKRPS@@program.why2025.org -EYKRPS Race conditions, transactions and free parking en en 20250810T153500 20250810T160000 0.02500 Race conditions, transactions and free parking After the [Air France-KLM dataleak](https://media.ccc.de/v/37c3-lightningtalks-58027-air-france-klm-6-char-short-code) I kept repeating this was not a real hack, and confessed I always wanted to hack a system based on triggering race conditions because the lack of proper transactions. This was way easier than expected. In this talk I will show how just adding `$ seq 0 9 | xargs -I@ -P10 ..` can break some systems, and how to write safe database transactions that prevent abuse. In this talk I will explain what race conditions are. Many examples of how and why code will fail. How to properly create a database transaction. The result of abusing this in real life (e.g. free parking). PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/EYKRPS/ Cassiopeia Benjamin W. Broersma PUBLISH YXDFYP@@program.why2025.org -YXDFYP Embrace Chaos! How Game Randomizers Work en en 20250810T161000 20250810T163500 0.02500 Embrace Chaos! How Game Randomizers Work Game randomizers can breathe fresh air into your favorite video games by changing where things are, what enemies you fight, or even what the win conditions are. But how do they work? In this talk, I'll share my experience building a randomizer for the Gameboy Advance version of Final Fantasy 1. I'll tell you about the stumbling blocks I hit, and how I solved them. I'll also share the lessons I learned building my project, and how I'd do it better next time. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/YXDFYP/ Cassiopeia Nikki PUBLISH LXNXVK@@program.why2025.org -LXNXVK How to make a Domain-Specific Language for non-devs (so they don't need AI) en en 20250810T170000 20250810T175000 0.05000 How to make a Domain-Specific Language for non-devs (so they don't need AI) The field of Domain-Specific Languages has been going through a quasi-perpetual, reincarnating Gartner hype cycle for decades. Nevertheless, there are many DSLs out there, with many aimed squarely at software devs, and some at non-devs. In this talk, I’ll explain what a DSL is and is made up of, and why you‘d want to make one – especially for non-devs! –, why and how to do that using something called “projectional editing”, why and how DSLs are better than AI, and why DSLs should be a standard tool in our dev-toolbox. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/LXNXVK/ Cassiopeia Meinte Boersma PUBLISH BDQESV@@program.why2025.org -BDQESV Repair for Future en en 20250810T190000 20250810T192500 0.02500 Repair for Future When Martine Postma organized her first Repair-Café in Amsterdam, would she have imagined the kind of traction that her initiative would gain worldwide? With rampant enshittification of services, but also products ("planned obsolescence") comes resistance from consumers and politics. I'll show a few blatant examples and outline the recent progress in EU legislation. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/BDQESV/ Cassiopeia Fraxinas PUBLISH EFJTHQ@@program.why2025.org -EFJTHQ Lightning Talks en en 20250810T200000 20250810T205000 0.05000 Lightning Talks Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.why2025.org/Lightning_Talks PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/EFJTHQ/ Cassiopeia PUBLISH HKMELA@@program.why2025.org -HKMELA Hacker Jeopardy - Final en en 20250810T210000 20250810T230000 2.00000 Hacker Jeopardy - Final PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/HKMELA/ Cassiopeia Eloy PUBLISH TYQMAS@@program.why2025.org -TYQMAS FreeSewing: sewing patterns in the open source world en en 20250810T100000 20250810T102500 0.02500 FreeSewing: sewing patterns in the open source world If you want to learn how to sew, you must first have a sewing pattern. You are left to either buy (or find) sewing patterns, which are commonly graded (resized) up and down (often based on some "ideal" body shape, which does not take variations into account well), or you have to learn a whole new skill of pattern drafting. Although that skill has become more accessible through the internet, it is still difficult to learn the more complex you go. With FreeSewing, sewing patterns are parametric: they adapt to the measurements you put in, which is a lot more comprehensive than the grading-up-and-down system, and more inclusive of "different" body types too. (We don't believe in an "average body type".) Plus, it's available for free to anyone with access to an internet browser. FreeSewing also includes documentation for both sewing and programming. FreeSewing is a baby born out of spite, as the founder Joost was (and still is) too tall for what clothing stores have to offer. The talk will not be given by him, but by an enthusiastic contributor (who is too short for what clothing stores have to offer ;)). PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/TYQMAS/ Delphinus Lexander PUBLISH VRMZEG@@program.why2025.org -VRMZEG Flattening the Curve: Rediscovering Web UI Through Historic Geometric Constructions en en 20250810T110000 20250810T115000 0.05000 Flattening the Curve: Rediscovering Web UI Through Historic Geometric Constructions Modern UI/UX design is built upon concepts much older than computers. This talk uncovers how ideas from the history of geometry continue to shape the ways we define and render interfaces today—while also revealing a deeper story: how practical mathematical problems, from antiquity to today, have been approached not with algebra, but with the elegance of geometric construction. We’ll explore geometric throughlines, from Greek straightedge-and-compass methods, through innovations of the Islamic Golden Age, to Renaissance engineers and their mechanical drawing tools, all the way to Bézier curves of the 1960s—now foundational to every smooth SVG path on the web. Alongside interactive demos and visual examples, we’ll dive into surprisingly current problems that are solved through construction alone, in ways that are both rigorous and astonishingly intuitive. This talk is for anyone with a curious mind—no technical background required. While code snippets will appear, the real goal is to spark insight and wonder. Join us to discover how a blend of math, history, and art can transform the way we see both digital and physical space—and how centuries-old ideas continue to solve problems in ways that are as beautiful as they are practical. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/VRMZEG/ Delphinus ReallyLiri Mia PUBLISH KB7ATS@@program.why2025.org -KB7ATS PLOT4AI 2.0: Open source Threat Modeling for Trustworthy AI en en 20250810T120000 20250810T125000 0.05000 PLOT4AI 2.0: Open source Threat Modeling for Trustworthy AI After three years of research, in 2022 the first version of PLOT4AI launched with 86 AI-related threats. At that time AI security was still a niche topic discussed mainly by a few and AI safety was barely recognized beyond robotics and reinforcement learning. Then, just seven months later, ChatGPT launched, and the AI landscape changed overnight. Suddenly, AI became a central topic in public discourse, governance, and policy. The EU AI Act entered the scene, putting fundamental rights at the heart of AI product regulation. What was once a niche technical concern had become a global geopolitical issue, influencing regulatory and economic agendas around the world. It became clear: PLOT4AI needed a major update. In this talk, the author of PLOT4AI will take you behind the scenes of the tool’s creation and introduce PLOT4AI 2.0: a major new release of this open source AI threat modeling framework. The updated version includes over 138 AI-related threats, including threats related to Generative AI, Agentic AI, and complex deployment environments. PLOT4AI isn’t just a tool, it’s a collaborative effort to make AI safer for everyone! As an open source initiative, it's built on feedback, shared experience, and contributions. Whether you’ve spotted a missing threat, devised a new mitigation, or have real-world examples to add, your input is welcome and encouraged! This talk is both a deep dive into the evolution of AI threat modeling and a call to action for the AI open source communities to shape safer, more accountable AI together. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/KB7ATS/ Delphinus Isabel Barberá PUBLISH 8VF3QU@@program.why2025.org -8VF3QU Challenge the Cyber en en 20250810T140000 20250810T142500 0.02500 Challenge the Cyber There's an overall shortage of cyber security experts. Challenge the Cyber (CTC) is the foundation that actively fosters security skills in young people and works on closing the gap between the need of experts in companies and talented young people who want to become these experts. CTC run a national hacking competition (CTF) with roughly 120 participants each year. The best (30-40) performers are then invited to a week long bootcamp in the summer in which highly technical workshops are given, a lot of attention is spent on team building and eventually a team of 10 players is selected for the European Cyber Security Challenge (ECSC). At ECSC team NL is supported again by CTC. Next to the competition there are side events where anyone can participate, such as playing CTFs with team Superflat. All in all, young people develop and progress through the years to our absolute elite in cyber security. (No, I'm not exaggerating here. We've got zero days as proof :D ) The presentation will tell all that and more but the story will be told with anecdotes by active participants and volunteers of the foundation. They will give an inspiring insight into the world of the young star hackers and their journeys throughout CTC. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/8VF3QU/ Delphinus Maja Jasper Per Schrijver PUBLISH TQXDPD@@program.why2025.org -TQXDPD Kubernetes from Scratch, The Hard Way en en 20250810T150000 20250810T155000 0.05000 Kubernetes from Scratch, The Hard Way PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/TQXDPD/ Delphinus Alain van Hoof PUBLISH VZDSF3@@program.why2025.org -VZDSF3 Knock knock who's there 2.0, the subtle art of (physical) port knocking en en 20250810T160000 20250810T165000 0.05000 Knock knock who's there 2.0, the subtle art of (physical) port knocking Feeling safe at home and at work is one of the most basic requirements for living. Part of being, and feeling, safe is the physical access system of the building. Since the last talk at MCH2022 more building entrance systems have been researched. The findings will be presented in this talk. And these findings have led to multiple CVE's and the discovery of single DES encryption and Mifare classic access card systems. One manufacturer who makes building entrance systems used at very sensitive objects such as tv studio's and airports managed to leak the private key of a CA they use to manage the building access. In another case we were able to generate license key files under the name of a very well known person. In all cases we will look at the vulnerability disclosure and how to make sure you do not end up in prison (although with these locks....) PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/VZDSF3/ Delphinus Jeroen Hermans PUBLISH WPGMJU@@program.why2025.org -WPGMJU Why Proprietary Tooling Hurts Your FOSS Project en en 20250810T170000 20250810T172500 0.02500 Why Proprietary Tooling Hurts Your FOSS Project My goal with this talk is to spark reflection and conversation about the tools we use to build open source projects, not just the code we write. I hope it encourages both new and experienced maintainers to think critically about how proprietary tools may be limiting their communities and values, even unintentionally. The audience will leave with a better understanding of the trade-offs involved, practical alternatives they can explore, and the motivation to make small changes that lead to more open, inclusive, and resilient projects. If more projects switch to even one open alternative, it strengthens the entire open source ecosystem by reducing dependency on tech giants and supporting community-owned infrastructure. Whether you're starting a new project or maintaining a mature one, this talk will challenge you to think critically about the tools you use and advocate for open, community-controlled alternatives that align with the spirit of FOSS. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/WPGMJU/ Delphinus Jan Ainali PUBLISH CB7A9V@@program.why2025.org -CB7A9V A Guided Tour to UNIX Shells en en 20250810T190000 20250810T195000 0.05000 A Guided Tour to UNIX Shells In an effort to demystify origins, development, and current role of shells, this talk tells a tale deeply rooted in the earliest days of UNIX development. In the process, several (historic as well as current) shells will be introduced among their notable features and impact on contemporary systems. To finish of, the talk discusses the legacy of historic shells and their influence on modern operating systems with or without UNIX heritage. While technical in parts, this is first and foremost a historical presentation with a bit of an outlook. Less tech-savvy audience members should thus still be able to enjoy this. In fact, newcomers to the shell may find some useful hints. Keywords: computing history; unix; multics; posix; linux PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/CB7A9V/ Delphinus Stephan Hohmann PUBLISH DJ7NXK@@program.why2025.org -DJ7NXK Packets Over Any Wire: Alternative Networking Mediums for Hackers en en 20250810T200000 20250810T205000 0.05000 Packets Over Any Wire: Alternative Networking Mediums for Hackers Beyond the theoretical, we’ll examine real-world applications, including whole-home audio and video distribution, network segmentation strategies, and the unexpected advantages of leveraging existing infrastructure. You’ll see how HDMI matrices, IP-based video distribution, and networked audio solutions like SONOS Net can integrate seamlessly over alternative backbones. We’ll cover segmentation techniques to isolate security cameras, IoT devices, and AV distribution, ensuring efficiency and security. Expect deep technical insights, practical lessons from years of experimentation, and a fresh perspective on what’s possible when you stop thinking of cables as just power or TV lines—and start treating them as network highways. Whether you're looking to expand connectivity in a complex environment or just want to push the limits of home networking, this talk will leave you with new tools, techniques, and ideas to explore. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/DJ7NXK/ Delphinus Robert Sheehy PUBLISH PHGSJC@@program.why2025.org -PHGSJC GNU Taler: beyond digital money en en 20250810T210000 20250810T215000 0.05000 GNU Taler: beyond digital money PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/PHGSJC/ Delphinus Iván Ávalos PUBLISH QH8SS9@@program.why2025.org -QH8SS9 Sew your own Plush Tetrapod en en 20250810T100000 20250810T120000 2.00000 Sew your own Plush Tetrapod A tetrapod is a famous 4-legged geometric shape made of concrete and can be seen protecting coastlines around the world. In this workshop you will make your own mini plush tetrapod from fabric, wadding and stitches! No prior experience required, but we'll be using sewing machines and needles and thread, so you should be comfortable handling them. **Space will be limited - I'll do some form of sign up closer to the day. Watch this space...** The workshop takes 2 hours, though we may be done quicker than that depending on numbers. PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/QH8SS9/ Workshop Euclid Samw PUBLISH JC33FX@@program.why2025.org -JC33FX Build up for Dijkstra & Evenblij - Ter Plekke nl nl 20250810T140000 20250810T190000 5.00000 Build up for Dijkstra & Evenblij - Ter Plekke PUBLIC CONFIRMED The square hole (Art & Installations) https://program.why2025.org/why2025/talk/JC33FX/ Workshop Euclid PUBLISH DDYEAK@@program.why2025.org -DDYEAK NPO Radio 1- Dijkstra & Evenblij Ter Plekke nl nl 20250810T190000 20250810T210000 2.00000 NPO Radio 1- Dijkstra & Evenblij Ter Plekke Elke zondagavond hebben we tussen 19-21 uur live uitzending vanuit een andere plek in het land. We bespreken daar lokale actualiteiten en er zijn gesprekken over bijvoorbeeld literatuur, geschiedenis, cultuur, zolang het maar een linkje heeft met de plek waar we zijn. Het programma is een rondreizende talkshow, compleet met livemuziek en is toegankelijk voor publiek. --- Every Sunday evening between 7-9 pm we have a live broadcast from another place in the country. We discuss local current affairs and there are conversations about literature, history, culture, as long as it has a link with the place where we are. The program is a traveling talk show, complete with live music and is open to the public. PUBLIC CONFIRMED Workshop (180 minutes) https://program.why2025.org/why2025/talk/DDYEAK/ Workshop Euclid PUBLISH VYTNWT@@program.why2025.org -VYTNWT Hacking Perfumery — Design Your Scented Future en en 20250810T100000 20250810T113000 1.03000 Hacking Perfumery — Design Your Scented Future Perfume often seem like something exclusive. Mysterious ingredients, luxury brands, and secret recipes. But in this workshop, we’ll show you how to hack the world of perfume using simple tools, shared knowledge, and a bit of help from AI. Smell is one of our most powerful senses. It helps us recognize danger, feel comfort, remember people, and imagine new experiences. In this session, we’ll each create a custom perfume that reflects our personal idea of a better future—whether that’s calm, community, wild nature, or something totally unique. Here’s what we’ll do: - Smell and get to know a range of ingredients we provide. - Use tools like online databases, example recipes and AI we will match ideas and feelings to real scents. - Mix and test small amounts to build your own perfume. - Share your scent and the story behind it. No experience needed. We’ll guide you through the process step by step. You’ll leave with your own small perfume and maybe some new ideas about how smell connects to how we see the world. PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/VYTNWT/ Workshop Giotto Gaspard Bos Argun Cencen PUBLISH WQ7BK8@@program.why2025.org -WQ7BK8 Balloon folding for adults en en 20250810T120000 20250810T133000 1.03000 Balloon folding for adults ``` _________ .___ .___ \_ ___ \ ____ _____ ____ _____ ____ __| _/ __| _/____ / \ \/ / _ \ / \_/ __ \ \__ \ / \ / __ | / __ |/ _ \ \ \___( <_> ) Y Y \ ___/ / __ \| | \/ /_/ | / /_/ ( <_> ) \______ /\____/|__|_| /\___ > (____ /___| /\____ | \____ |\____/ \/ \/ \/ \/ \/ \/ \/ ___. .__ __________ _____ ____ \_ |__ _____ | | ____ ____ ____ / ___/ _ \ / \_/ __ \ | __ \\__ \ | | / _ \ / _ \ / \ \___ ( <_> ) Y Y \ ___/ | \_\ \/ __ \| |_( <_> | <_> ) | \ /____ >____/|__|_| /\___ > |___ (____ /____/\____/ \____/|___| / \/ \/ \/ \/ \/ \/ _____ .__ .___.__ _/ ____\____ | | __| _/|__| ____ \ __\/ _ \| | / __ | | |/ \ / ___\ | | ( <_> ) |__/ /_/ | | | | \/ /_/ > |__| \____/|____/\____ | |__|___| /\___ / \/ \//_____/ ``` PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/WQ7BK8/ Workshop Giotto Frank Breedijk PUBLISH WHHUJM@@program.why2025.org -WHHUJM So you're interested in social engineering? The very first steps en en 20250810T150000 20250810T170000 2.00000 So you're interested in social engineering? The very first steps We will provide a general introduction to social engineering and guide the audience in the very first steps to actually start training this skill in a safe and responsible manner that will allow you to get a taste of social engineering by slightly altering your behaviour and still staying legal. We will cover the following topics: - Introduction to social engineering - Using OSINT to collect initial information - Creating pretext - Fundamental principles of human behavior and decision-making - Leveraging social normativity in persuasive interactions - Building rapport and trust - Exploiting trust - Practical exercises in everyday life PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/WHHUJM/ Workshop Giotto Kirils Solovjovs PUBLISH AVCQSM@@program.why2025.org -AVCQSM 🧶 Knitting Our Internet en en 20250810T170000 20250810T183000 1.03000 🧶 Knitting Our Internet Using my grandma’s yarn, we’ll simulate a centralized network, clearly and practically exposing the intrinsic limits and issues of any centralized infrastructure. After pinpointing these problems, we’ll time-travel to the beginnings of the Internet, discovering that decentralization was actually at its heart. We will travel through the history of the Internet and of the Web by reading quotes and observing pictures, together. We’ll see how the problem of social media “enshittification” and the criticalities of big tech do not arise at all from a technical issue, but it is all a social, political, and economical matter. Therefore, we’ll dive into the concept of “Surveillance Capitalism” unmasking the hidden dynamics of the digital technology industry, from data harvesting to emotional manipulation. How do we take Our Internet back? How can we make it truly decentralized again? The workshop ends with the simulation of a decentralized network among the participants, still using my grandma’s yarn. We will have uncovered how decentralization is key not only to address social media issues, but it’s a broader political structure we should be using as reference in pursuing brighter and more human perspectives. Full workshop in [Knitting Our Internet’s *Weaver Kit*](https://ournet.rocks/weaver-kit/) PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/AVCQSM/ Workshop Giotto Tommi 🤯 PUBLISH NVCRLH@@program.why2025.org -NVCRLH Rope Jam en en 20250810T190000 20250810T210000 2.00000 Rope Jam A rope jam is an open, unstructured space for tying, practicing, or learning together. You can come alone, with a partner, or in a small group. Attendees are encouraged to: self tie, seek others to tie with, be tied by, switch with, observe or talk rope with. We’ll begin with a short intro and help match people up for those who arrive on time. You’re also welcome to bring your own partner(s) or simply observe and chat. What to bring: - Non-stretchy rope (if you have it) - A blanket or cushions for sitting on the floor without shoes - No dress code, but avoid loose clothing, it makes tying harder Rules: - Consent is mandatory - always ask before engaging - This is a non-sexual, fully clothed space (“lab mode”) - No photography unless everyone involved agrees - Respect people’s boundaries and focus - Don’t interrupt active scenes - Keep conversation low and rope-focused to match the atmosphere A small amount of practice rope will be available. Whether you're new to rope or experienced, this is a relaxed space to share skills, learn, or just enjoy the vibe. Come say hi! PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/NVCRLH/ Workshop Giotto DoodleMe KnottyLola PUBLISH BXLPXN@@program.why2025.org -BXLPXN Sensing the World Around you with EMF! en en 20250810T110000 20250810T130000 2.00000 Sensing the World Around you with EMF! Through-hole soldering required for this workshop. This kit is designed for everyone and is accessible to all skill levels. Adult assistance required for youth who are new to soldering. PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/BXLPXN/ Electronics (Hardware Hacking Village) Darcy Neal PUBLISH KY88NS@@program.why2025.org -KY88NS Arduino For Total Newbies en en 20250810T140000 20250810T173000 3.03000 Arduino For Total Newbies This workshop will give you the confidence to start making just about any electronic project you see on the internet! We cover all you need in this workshop. **Workshop Itinerary:** * Intro to Arduino * Very short lesson to learn everything you need to know about electronics * Learn to solder (everyone can learn!) * Make an Arduino from a kit * How to set up the free and open-source Arduino software (Windows, Linux, and MacOS are all fine!) * How to program Arduinos * How to read schematic diagrams * Put together your own TV-B-Gone remote control using your Arduino clone board using a solderless breadboard * Target practice is available all over the world after the workshop. **Materials cost:** The workshop is free, but if you would like to partake in the hands-on aspects of the workshop, Mitch will have materials for **€40**. _**Optional:** Bring your laptop if you want to go home with the free Arduino software installed on it._ _Arduino software runs on Windows, MacOS and Linux (any version is fine):_ [Arduino software](https://www.arduino.cc/en/software) PUBLIC CONFIRMED Workshop (180 minutes) https://program.why2025.org/why2025/talk/KY88NS/ Electronics (Hardware Hacking Village) Mitch PUBLISH 3LGRVE@@program.why2025.org -3LGRVE REYN en en 20250810T150000 20250810T160000 1.00000 REYN REYN is a multidisciplinary Dutch artist: An incredible musician who is, above all, a writer of genius, producer, mixing engineer and performer. He started at the age of 16 by writing soundtracks for some of the greatest video-game publishers (Last Ninja III, Flimbo’s Quest). To this day, he has recorded more than a dozen movie soundtracks and theme-tunes for TV-series. Over the last few years, he has also been arranging for Amsterdam Sinfonietta and the Residentie Orkest’s philharmonic orchestra in the Netherlands. He won numerous prizes at the Edisons, the Dutch music awards. In addition to his classical experience with orchestras, Reyn is also a producer and musical director that has made his mark on both the Dutch and the French pop scene, having worked on albums and tours for artists such as Vanessa Paradis, ZAZ, Benjamin Biolay, Stephan Eicher, Gaëtan Roussel, Teitur, Mister & Mississippi, Wende, Kane, among others. PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/3LGRVE/ Party Stage PUBLISH SRW3V7@@program.why2025.org -SRW3V7 Ambrassband - Brass With a Cause en en 20250810T200000 20250810T213000 1.03000 Ambrassband - Brass With a Cause Over the years, more than 50 musicians have contributed to Ambrassband’s powerful message of activism through danceable brass music. Come for the horns, stay for the revolution. PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/SRW3V7/ Party Stage PUBLISH S8WQTC@@program.why2025.org -S8WQTC Prins S. en De Geit - Dutch Electro-Pop Mischief en en 20250810T213000 20250810T223000 1.00000 Prins S. en De Geit - Dutch Electro-Pop Mischief Their bold sound and theatrical performances have electrified festivals like Lowlands, Rock Werchter, Pinkpop, and Appelpop. Their WHY2025 show promises to be equally wild and unpredictable. PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/S8WQTC/ Party Stage PUBLISH RKWSYS@@program.why2025.org -RKWSYS Silent Disco with DJ Homski en en 20250810T230000 20250811T040000 5.00000 Silent Disco with DJ Homski PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/RKWSYS/ Party Stage PUBLISH RX9QGN@@program.why2025.org -RX9QGN Symphony of Fire (Show): Music created from explosions, fire and lightning! en en 20250810T223000 20250810T231000 0.04000 Symphony of Fire (Show): Music created from explosions, fire and lightning! Much like techno trailblazers Kraftwerk, Dobberstein works tirelessly in his own laboratory, continuously inventing new instruments and music. The result in Deventer: a fully computer-controlled mega-orchestra of fire machines! Drawing inspiration from chiptune, rock, classical music, and hip-hop, the outcome is truly spectacular and unlike anything else. Their pioneering work is gaining attention. The Dutch NOS news has already featured them. Renowned artists like Binkbeats and Def P have collaborated with the team. They’ve even organized their own festival—"De Langste Nacht"—and have been invited to close major events like Burning Man and Dutch Design Week. The future is here! South African-born Uwe Dobberstein is responsible for design, the nature-driven processes, and literally drives the orchestra with a whip during live shows. Electronic wizard Peter de Man has laid the electronic foundation making these shows technically and musically possible. Peter remarks, “The language of Symphony of Fire is universal, giving audiences something they've never seen, felt, or heard before.” PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/RX9QGN/ Party Area PUBLISH QNKNQS@@program.why2025.org -QNKNQS Movie: Wargames en en 20250810T233000 20250811T020000 2.03000 Movie: Wargames https://www.imdb.com/title/tt0086567/ Location: next to Party Area Terrace PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/QNKNQS/ Party Area PUBLISH XZBREW@@program.why2025.org -XZBREW Digital sovereignty and the FOSS-stack at school. en en 20250811T100000 20250811T105000 0.05000 Digital sovereignty and the FOSS-stack at school. The need for digital sovereignty has always been great, but now there is an autocrat in the White house that is fighting everything he deems “Woke”. This renders USA Big Tech that is run by billionaires that have sworn loyalty to this new King unsuitable for use in education. Schools are yearning for a more fair digital environment, but most schools don’t have the funding, knowledge or capacity to create a public-values-by-design school IT environment with all the fantastic free and open source software that is out there. That is why we started the coalition for fair digital education, so we can bring together the knowledge of free and opensource with the needs of the educational sector. In this presentation we'll present the WHY for the FOSS stack for schools, our plan how to get there, and the progress we have made so far on our pilot schools. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/XZBREW/ Andromeda Geert-Jan PUBLISH EHZBQB@@program.why2025.org -EHZBQB Digital sovereignty with open source software in the public sector en en 20250811T110000 20250811T112500 0.02500 Digital sovereignty with open source software in the public sector An overview over the ZenDiS‘ projects such as openDesk and the 100 day challenges together with our open source accomplices DINUM of France and the Ministerie van Binnenlandse Zaken en Koninkrijksrelaties of the Netherlands. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/EHZBQB/ Andromeda Sven Neuhaus PUBLISH YDF8KU@@program.why2025.org -YDF8KU GHP1989 to WHY2025: Dutch hacker camps from the past and the future en en 20250811T120000 20250811T125000 0.05000 GHP1989 to WHY2025: Dutch hacker camps from the past and the future Dutch Hacker Camp culture is deeply rooted in the ethos of openness, collaboration, and exploration. These camps are typically organized by volunteers from various hacker and maker communities in the Netherlands and attract participants from all over the world who are interested in technology, hacking, DIY culture, and digital freedom. The Dutch hacker Camps are part of the larger series of international hacker camps, fitting in the rhythm of CCCamp (Germany) and EMF (UK), and not colliding with BornHack. Over the years, Dutch Hacker Camps have evolved and grown in size and popularity, attracting not only hackers and tech enthusiasts but also artists, activists, educators, and others who are passionate about exploring the intersection of technology and society. This talk will take you through the history of Dutch Hacker Camps, and tell the story of the preparation for this one! PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/YDF8KU/ Andromeda Boekenwuurm - Nancy Beers PUBLISH QX3G3G@@program.why2025.org -QX3G3G Guerrilla Security Awareness Done Right; Hacking Your CISO's Phishing Simulation en en 20250811T140000 20250811T145000 0.05000 Guerrilla Security Awareness Done Right; Hacking Your CISO's Phishing Simulation Corporate phishing simulations are broken. You know it, I know it. And yet, every quarter, some overfunded awareness campaign lands in your inbox with all the subtlety of a Nigerian prince. The goal? To test whether you're “cyber aware.” The result? A war of attrition between InfoSec and the click-happy masses. But what if we made visible what these simulations actually prove? In this talk, we explore how to recognize and hack your organization's phishing simulations. Without getting fired (probably, no guarantees). From fingerprinting CISO-run campaigns using SPF records, consistent sender patterns and timing, to launching your own “counter-phishing” emails that prove how absurd the entire exercise is. We’ll walk through real-world tactics for flipping the script: phishing the phishers, automating chaos, and pushing back against checkbox security culture. All with a healthy dose of satire, social engineering, and plausible deniability. If you’ve ever wanted to troll your security team for a good cause, this one’s for you. Just don’t click the link in the description. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/QX3G3G/ Andromeda Fleur Van Leusden PUBLISH WSM3XV@@program.why2025.org -WSM3XV The WHY, the How, the What. An assessment of TETRA End-to-end en en 20250811T150000 20250811T155000 0.05000 The WHY, the How, the What. An assessment of TETRA End-to-end TETRA is a European standard for trunked radio used globally by police and military operators. Additionally, TETRA is widely deployed in industrial environments such as harbors and airports, as well as critical infrastructure such as SCADA telecontrol of pipelines, transportation and electric and water utilities. In previous research, we published [TETRA:BURST](https://www.midnightblue.nl/tetraburst), revealing vulnerabilities in the TETRA air interface encryption, and publishing the secret cryptographic primitives for public scrutiny. We now present all-new material, assessing the optional and often expensive end-to-end encryption, which adds an additional layer of encryption on top of the air interface encryption, a layer that can only be decrypted by the traffic's recipient, and not by the infrastructure. These solutions enjoy significant end-user trust and are intended for the most sensitive of use cases. While the ETSI standard on TETRA does facilitate integration of some E2EE solution, the solutions themselves are vendor-proprietary, and proved quite hard to obtain. The opaque nature of this solution and TETRA's history of offering significantly less security than advertised (including backdoored ciphers) is worrying enough, but given our previous TETRA:BURST research, E2EE is frequently mentioned as a potential mitigation. In order to shed light on its suitability, we decided to undertake the effort of reverse-engineering a TETRA E2EE solution. We'll discuss how we investigated the E2EE landscape, and how we (after being scammed on a Motorola device) managed to extract an implementation from a popular Sepura radio. We'll then discuss the E2EE design (that we have published on GitHub) along with a security analysis, identifying several severe shortcomings ranging from the ability to inject voice traffic into E2EE channels and replay SDS (short text) messages to an intentionally weakened E2EE variant, which reduces its 128-bit key to only 56 bits. In addition, we will discuss new findings related to multi-algorithm networks and official patches, relevant for asset owners mitigating the TETRA:BURST vulnerabilities previously uncovered by us. Finally, we will demonstrate the E2EE voice injection attack as well as the previously theoretical TETRA packet injection attack on SCADA networks. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/WSM3XV/ Andromeda Wouter Bokslag Carlo Meijer PUBLISH SKKCEM@@program.why2025.org -SKKCEM AiTM panels and sellers en en 20250811T160000 20250811T165000 0.05000 AiTM panels and sellers This talk offers a deep dive into the infrastructure and operational models behind modern Adversary-in-the-Middle (AiTM) phishing attacks. These aren't hobbyist scripts—they are mature, productized platforms that resemble legitimate SaaS offerings. We explore how these platforms work under the hood: How attackers deploy dockerized phishing kits The use of CDNs, Telegram bots and proxy networks Panel features like token capture, mailers, and multi-user support Revenue models, actor branding, and upsells We will showcase real examples of AiTM panels (including EvilProxy, Tycoon, Mamba2FA, and Raccoon), backed by original research and detection data gathered from over 2,000 incidents across hundreds of Microsoft 365 tenants. Attendees will walk away with an understanding of how these platforms scale, how attackers manage their infrastructure, and how defenders can detect and preempt them using techniques like pixel beacons and certificate transparency. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/SKKCEM/ Andromeda rik van duijn Wesley Neelen PUBLISH 7A7QJV@@program.why2025.org -7A7QJV A Journey Through Boring Telco Data Leaks en en 20250811T170000 20250811T172500 0.02500 A Journey Through Boring Telco Data Leaks These include: * an eSIM provisioning portal exposed via unauthenticated debug web interface * full backend access to a smartphone retail platform, including CRM data and hotline audio recordings * publicly accessible SIM inventory systems, Call Data Records (CDRs), and even passport scans * "open source" telco functions running in plain PHP, sometimes with hardcoded credentials * …and more strange eSIM-related findings This isn’t a high-end 0-day story. This is about minimal-effort, boring data leaks that still manage to have a surprisingly high impact. The talk will include examples, screenshots, and recurring patterns that keep coming up. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/7A7QJV/ Andromeda kantorkel PUBLISH Y9YKJF@@program.why2025.org -Y9YKJF The story and maths behind the Sferical lamps en en 20250811T173500 20250811T180000 0.02500 The story and maths behind the Sferical lamps I'd like to take you with me on how I build a generator for spherical lampshades. I'll talk about how math slowly turns into magic. The math is mainly trigonometry, so we can reminisce about highschool. But don't worry too much about it. It will be visualised, so everyone can follow along. The real magic happens when we introduce light into the equation, illuminating the creations in stunning ways. Plus, since this project is open source, you'll have the opportunity to craft your own unique lampshades! Or hack it into something else entirely... PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/Y9YKJF/ Andromeda R3GB (ReggieB) PUBLISH CJQD7U@@program.why2025.org -CJQD7U Caveat Emptor: Ratings and Reviews Can't Be Trusted en en 20250811T190000 20250811T195000 0.05000 Caveat Emptor: Ratings and Reviews Can't Be Trusted Ratings and reviews, although almost universally relied on by consumers, are, like much other online info, often manipulated to increase sales, pump up merchant reputation but are sometimes used malicious to slam a competitor). Even sites that only allow reviews from purchasers can be manipulated, particularly on platforms when low cost products are sold. Ebay harbors fraudulent sellers by combining buyer and seller reputation, and not weighting by sale price. (So a 5 star rating for a trivial purchase accrues equal reputation as a large value sale.) Many manipulations should be easily detectable by looking for some clear behavioral signatures, and then not training the adversaries by using adversary engineering rather than simply deactivating accounts. (I'll show you how to spot a lot of the red flags.) Examples ranging from pumped up restaurant listings (up to #1 in London), Amazon and Ebay's problems, a puppy sales site that had a rating system so bad by design that they were sued by an animal rights org for facilitating fraud by puppy mills. (There are a lot of sick puppies out there...) PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/CJQD7U/ Andromeda mark seiden PUBLISH DG7VSX@@program.why2025.org -DG7VSX Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities en en 20250811T200000 20250811T205000 0.05000 Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities Seven years ago, Spectre and Meltdown were announced. These two vulnerabilities showed that instructions executed by the CPU might accidentally access secret data. This secret data can contain files cached from disk, cryptographic keys, private information, or anything else that might be stored in memory. An attacker can use Spectre to learn the value of that secret data, even though the attacker is not supposed to have access to it. Even though this sounds problematic, there is a reason why these type of vulnerabilities haven't had a significant real-world impact. Mitigations make it much harder to pull off, and an attacker needs a form of remote code execution anyway to trigger the relevant CPU instructions. If an attacker can already execute arbitrary code, then Spectre is probably not what you should be worried about. For regular users, these CPU vulnerabilities are likely not that much of a threat. However, that is not the case for public cloud providers. Their business model is to provide *remote code execution as a service*, and to rent out shared hardware resources as efficiently as possible. Customers run their system in an seemingly isolated virtual machine on top of shared physical hardware. Because customers can run anything they want on these systems, public cloud providers must treat these workloads as untrusted. They have to assume the worst case scenario, i.e. that an attacker is deliberately trying violate the confidentiality, integrity or availability of their systems, and, by extension, their customers' systems. For transient execution vulnerabilities like Spectre, that means that they enable all reasonable mitigations, and some more. In this talk, we show that transient execution attacks can be used on real-world systems, despite the deployed software mitigations. We demonstrate this by silently leaking secret data from another virtual machine at a major global cloud provider, defeating virtual machine isolation without leaving a trace. Additionally, we'll discuss our coordinated disclosure process, the currently deployed mitigations and how future mitigations could address the issue. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/DG7VSX/ Andromeda Thijs PUBLISH 9HUFEX@@program.why2025.org -9HUFEX Getting Started: Reading Bosch Sensor Data on the Badge with MicroPython en en 20250811T210000 20250811T215000 0.05000 Getting Started: Reading Bosch Sensor Data on the Badge with MicroPython MEMS (Micro-Electro-Mechanical Systems) sensors are miniature, highly precise components that detect motion, position, and environmental conditions. They are widely used in smartphones, cars, wearables, and smart home devices and are manufactured in specialized cleanrooms using advanced semiconductor processes. This talk starts with a short introduction covering: What are MEMS? How are they made? What can the Bosch BMI270 (6-axis IMU) and BME690 (gas, humidity, temperature, and pressure sensor) do? After this overview, we’ll switch to a practical session: you’ll learn how to get started with MicroPython to access real-time sensor data on the WHY2025 Badge. By the end, you’ll be ready to experiment with your own ideas and prototypes based on the badge’s powerful sensing capabilities. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/9HUFEX/ Andromeda Harald Koenig PUBLISH ZRBZAC@@program.why2025.org -ZRBZAC TIC-80 byte jam en en 20250811T220000 20250811T225000 0.05000 TIC-80 byte jam TIC-80 fantasy console Byte Jam is a friendly competition to livecode a demo in a relaxed atmosphere. This can take an hour or more depending on the inspiration and time needed of the participants. You could follow the suggested random chosen topic or do your own thing. TIC-80 is a fantasy console with limited resources like 240x136 pixels display, 16 color palette, 256 8x8 color sprites, 4 channel sound , etc. This gives the TIC-80 a very retro look and feel. This byte jam is a good representation of the demoscene, where coders/hackers with very limited resources in hard or software make stunning audio and visual effects. In Europe the demoscene got status of cultural heritage in Finland, Germany and Polen and requested for Netherlands and other countries. Want to join this ByteJ am as coder? Check with Dave / zeno4ever for the possibilities!! PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/ZRBZAC/ Andromeda Dave Borghuis PUBLISH 8MWKCY@@program.why2025.org -8MWKCY USB: the most successful interface that also brings power en en 20250811T100000 20250811T105000 0.05000 USB: the most successful interface that also brings power We will cover: - how the world of computer peripherals looked like before USB - how did USB evolved - how USB became the universal interface for delivering extra low voltage - how the Type-C connector changed everything PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/8MWKCY/ Brachium Ondřej Caletka PUBLISH YMLNME@@program.why2025.org -YMLNME Passive and active RADAR using Software Defined Radio en en 20250811T110000 20250811T115000 0.05000 Passive and active RADAR using Software Defined Radio RAdio-frequency Detection And Ranging (RADAR) aims at using electromagnetic signals for detecting target location and motion. Being constantly illuminated with electromagnetic smog, we can benefit from existing radiofrequency emitters meeting RADAR requirements -- strong power and wide bandwidth -- for passive RADAR measurements where no active emitter is needed, using only coherent passive dual-channel Software Defined Radio (SDR) receivers for passive recording of existing signals. If existing signals are unsuitable, we can use the same principle with non-cooperative emitters such as a Wi-Fi dongle in an active RADAR setup. All processing flowcharts are implemented using GNU Radio for real time acquisition, and GNU/Octave or Python for post-processing: generic principles will be demonstrated, applicable to all sorts of receiver hardware. We will conclude with Synthetic Aperture RADAR (SAR) where antenna motion is used to simulate wide aperture receiving antennas, adding azimuth resolution to range resolution. Supporting documents are found a https://github.com/jmfriedt/SDR-GB-SAR or https://github.com/jmfriedt/passive_radar or https://github.com/jmfriedt/sentinel1_pbr PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/YMLNME/ Brachium Jean-Michel Friedt PUBLISH GRPAX8@@program.why2025.org -GRPAX8 Postmortem: XS4ALL en en 20250811T120000 20250811T125000 0.05000 Postmortem: XS4ALL In 2019 it was announced that XS4ALL as a brand and company would be integrated into KPN. What followed was a stormy year of customers rising up, employees resisting and frequent media coverage culminating in a court case which ultimately failed to preserve XS4ALL as an independent entity. How did the once happy union of XS4ALL and KPN turn sour, what events lead to the decision to integrate XS4ALL and what did the fight to preserve XS4AL look like from the inside? This talk will try to answer these questions and give insight into how the first consumer ISP from the Netherlands ultimately met its end. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/GRPAX8/ Brachium Arjan van Hattum PUBLISH 9C7CHJ@@program.why2025.org -9C7CHJ The Menopause Gap: How Silence and Stigma Are Putting Women at Risk en en 20250811T140000 20250811T145000 0.05000 The Menopause Gap: How Silence and Stigma Are Putting Women at Risk Disclaimer: For the sake of simplicity, throughout this talk the term ‘women’ will be used when referring to individuals suffering the effects of menopause, however this information is relevant for all individuals born with female reproductive organs. Menopause remains shrouded in stigma, silence, and common misinformation, leaving many women unsupported and uninformed. Myths and a lack of understanding about menopause contribute to confusion, fear, and inadequate care. It will go beyond the well-known symptoms to uncover the diverse range of life changing symptoms women face during menopause. By openly discussing menopause and moving beyond the idea of 'fixing' women the focus can instead be on building a culture that recognizes and respects the diverse challenges for all women at every stage of life. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/9C7CHJ/ Brachium ChewyMoose PUBLISH UFFXJR@@program.why2025.org -UFFXJR The right to be forgotten en en 20250811T150000 20250811T155000 0.05000 The right to be forgotten In today's digital landscape, protecting one's online presence can be a daunting task. I am a former marketeer who back in 2018 got inspired by "The Privacy, Security and OSINT Show" podcast, a podcast whom disappeared from the internet. This was also the time that in Europe the GDPR was still being implemented and techniques on how to protect your digital footprint started to differ a lot from practices in the US. With the rise of data breaches, and online harassment, individuals must navigate a complex web of regulations and best practices to safeguard and stay in control over their personal information. I ported many techniques to my own life in Europe and share my experiences in trying to remove myself from the internet. This talk explores the intricacies of online privacy, by leveraging the of GDPR and tooling to influence your online exposure. I share my experiences with trying to remove myself from the internet and the mistakes that taught me about real-life implications. I hope to help navigate more people to a holistic approach to personal data protection whom I now pursue. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/UFFXJR/ Brachium ph00lt0 PUBLISH FY8CXY@@program.why2025.org -FY8CXY WHY2025 Infrastructure Review en en 20250811T160000 20250811T165000 0.05000 WHY2025 Infrastructure Review PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/FY8CXY/ Brachium Arjan Koopen PUBLISH KJEMMF@@program.why2025.org -KJEMMF Guardians of the Dutch healthcare part 2: NIS2 edition en en 20250811T170000 20250811T175000 0.05000 Guardians of the Dutch healthcare part 2: NIS2 edition PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/KJEMMF/ Brachium NelusTheNerd PUBLISH 7EMW3A@@program.why2025.org -7EMW3A How we stopped a € 50 million project from destroying a forest (and other ways to pick fights with corporations and governments) en en 20250811T190000 20250811T195000 0.05000 How we stopped a € 50 million project from destroying a forest (and other ways to pick fights with corporations and governments) In 2017 a large corporation announced that they wanted to build a water theme park in a small forest that I had known from my childhood. Immediately an overwhelming feeling of injustice came over me. Why would you sacrifice the future of our children for a theme park? It turned out a number of neighbours had the same feeling. We decided to draw a line in the sand. For seven years we fought a battle with the corporation and the government, and the whole time everybody was telling us this was a fight we could not win. In 2024 we won that fight. It turned out it wasn’t just luck. We created a plan, and we stuck to it. Since then we have been sharing our experiences with other organisations. Fatalism can be your greatest enemy, but it doesn’t have to be. Welcome to the rebellion. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/7EMW3A/ Brachium Jan De Coster PUBLISH FYPY7C@@program.why2025.org -FYPY7C Nerding out over silly machines en en 20250811T200000 20250811T205000 0.05000 Nerding out over silly machines Beside Schuberg Philis, DIVD, attending the farm and keeping my bees I als build machines. It is an interesting process and I want to share it with you. Machiens I will be talking about: * The (worlds?) 1st 3d color printer from TNO * The raking robot * AI/Twitter/Telegram/Slack connected Telex * ASCII photo booth PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/FYPY7C/ Brachium Frank Breedijk PUBLISH 7C8XYS@@program.why2025.org -7C8XYS Automate yourself out of supply chain hell en en 20250811T210000 20250811T215000 0.05000 Automate yourself out of supply chain hell PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/7C8XYS/ Brachium cy PUBLISH WDPPRA@@program.why2025.org -WDPPRA Four Freedoms of Social Media Protocols en en 20250811T220000 20250811T222500 0.02500 Four Freedoms of Social Media Protocols The Four Freedoms of Social Media: A Bill of Rights for Digital Communities Just as free software has the Four Freedoms, our digital communities need Four Freedoms for Social Media—fundamental rights that ensure people, not corporations, control their online spaces. Social media today is defined by surveillance, manipulation, and arbitrary control—but it doesn’t have to be. This talk lays out what we must demand from social protocols: 1. The Freedom to Connect – No one should be prevented from communicating or organizing due to corporate interests or government pressure. 2. The Freedom to Move – Users and communities must be able to leave one platform and take their relationships, content, and identity elsewhere. 3. The Freedom to Understand & Control Algorithms – People should know how their feeds are shaped and have the power to change them. 4. The Freedom to Self-Govern – Communities should set their own rules, rather than being subject to arbitrary moderation and deplatforming. Technologies like AT Protocol (BlueSky), ActivityPub (the Fediverse), and Nostr offer glimpses of this future, but they must be built around these freedoms—not just as features, but as non-negotiable principles. This talk isn’t just about what’s possible—it’s about what we must demand from the next generation of social protocols. The future of digital communities should belong to us—not corporations. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/WDPPRA/ Brachium rabble PUBLISH BNTTXU@@program.why2025.org -BNTTXU Autarkie - Instant grammar fuzzing using Rust macros en en 20250811T100000 20250811T105000 0.05000 Autarkie - Instant grammar fuzzing using Rust macros Gone are the days of finding bugs in the parser or on the surface of applications. The bugs now lie in the core application logic, well beyond the parser. Fuzzing complex targets such as interpreters, databases or network protocols has always been difficult due to their strict input structures. Autarkie was born out of the need of fuzzing complex and evolving data structures with the convenience of fuzzers such as AFL++. Autarkie leverages a simple insight: the target needs to parse the input, so it must define the structure internally. Macros could be used to gain insight into the structure and build a grammar fuzzer. Autarkie does not just out perform all other grammar fuzzers, but also offers novel features such as removing grammar derivation and maintenance, ability to learn from other fuzzers, constraint solving and resumable fuzzing campaigns. Join me for this talk where I go through Autarkie's internals, features, and its development journey. I will also talk about my journey hunting for bugs with Autarkie and hopefully convince you to use it on yours. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/BNTTXU/ Cassiopeia Aarnav Bos PUBLISH NK7YTF@@program.why2025.org -NK7YTF Escaping a misleading "sandbox": breaking the WebAssembly-JavaScript barrier en en 20250811T110000 20250811T115000 0.05000 Escaping a misleading "sandbox": breaking the WebAssembly-JavaScript barrier When talking about WebAssembly, the word "sandbox" comes up often: modules are isolated from eachother, and from the host runtime. Hence, it is perfectly safe to run untrusted WASM modules (e.g. plugins) in a web-app: the module's interfaces can be limited, making it such that any malicious code has no way of escaping. ... is what I thought. In this talk I will show how a sneaky specification detail allows us to program a JavaScript version of a _weird machine_, to eventually escape from WebAssembly into running arbitrary JavaScript code. This trick is fully in-spec and requires no actual browser exploitation (we don't break _that_ sandbox). Hence, this talk should be accessible for anyone with a basic JavaScript understanding. No WebAssembly experience is required: I will cover everything required to understand the exploit. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/NK7YTF/ Cassiopeia Thomas Rinsma PUBLISH WQVFUN@@program.why2025.org -WQVFUN Weakpass en en 20250811T120000 20250811T125000 0.05000 Weakpass During this talk, I will present the story of the Weakpass project and the tools that were developed as part of it. Additionally, I will demonstrate how these tools have been utilized in various contexts, such as password cracking and automatic account password strength checks. The discussion will explore practical applications and the impact of these tools on enhancing security practices. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/WQVFUN/ Cassiopeia Steph Alyona PUBLISH XVET7C@@program.why2025.org -XVET7C How (not) to configure your domainname [internet.nl] en en 20250811T140000 20250811T145000 0.05000 How (not) to configure your domainname [internet.nl] This talk will explain how to configure modern security standards on your domain name with the help of [the open source](https://github.com/internetstandards/Internet.nl/) [Internet.nl](https://internet.nl). It will show common misconfigurations in DNS and security headers. Teach you why you should probably want to avoid `www CNAME @`, want to enable IPv6 and other observations from the [biannual measurements](https://www.forumstandaardisatie.nl/metingen/informatieveiligheidstandaarden) of scanning more than 10.000 governmental host names in The Netherlands. After this talk you'll know at least one DNS or security header improvement for your own or organization domain. This presentation will touch: - why enable DNSSEC ([RFC 4033](https://datatracker.ietf.org/doc/html/rfc4033) and many more), some common failures (e.g. CNAME's) - why enable IPv6, not talking about 'IPv4-mapped IPv6 address' here, issues if you're still not supporting IPv6 (almost 30 years after [RFC 1883](https://datatracker.ietf.org/doc/html/rfc1883)) - why not CNAME to your apex domain (if you have an Mx record) - why use Null MX ([RFC 7505](https://datatracker.ietf.org/doc/html/rfc7505)) - why configuration SPF ([RFC 7208](https://datatracker.ietf.org/doc/html/rfc7208)) on all hostnames - why there are more reasons to avoid CNAME's - why enable DANE ([RFC 6698](https://datatracker.ietf.org/doc/html/rfc6698)) and TLSRPT ([RFC 8460](https://datatracker.ietf.org/doc/html/rfc8460)) and why it's superior to MTA-STA ([RFC 8461](https://datatracker.ietf.org/doc/html/rfc8461)), how to rotate DANE - why monitoring matters - why first doing a `https://` redirect before a domain redirect - why a strict Content-Security-Policy ([CSP v3](https://www.w3.org/TR/CSP3/)) will save you - why configure `ssl_reject_handshake` (nginx only) - why have an accessible security.txt (special allow rule if you have basic auth!) that contains at least one email address - why start cookie names with `__Host-`or `__Secure-` ([MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#cookie-namecookie-value)) PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/XVET7C/ Cassiopeia Benjamin W. Broersma PUBLISH MREBV9@@program.why2025.org -MREBV9 Containing the Horror — A Critique on Docker & Co en en 20250811T150000 20250811T155000 0.05000 Containing the Horror — A Critique on Docker & Co This talk includes a brief history of container solutions while challenging a number of common assumptions. While geared at a more seasoned audience, the presentation is very much from the perspective of the ‘plumbing layers,’ which comes with the discussion of many core concepts of Docker/OCI. Hence this should be beginner-friendly to a degree. Mild audience participation is to be expected; may contain traces of DevOps. Keywords: containers; cloud; linux; docker; oci; kubernetes PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/MREBV9/ Cassiopeia Stephan Hohmann PUBLISH FQNMBE@@program.why2025.org -FQNMBE WHY and how would somebody cycle over 500km to a hacker conference? en en 20250811T160000 20250811T165000 0.05000 WHY and how would somebody cycle over 500km to a hacker conference? Planing and executing a plan like that, cycling more than 500km in one go demands equal parts preparation and lack of sanity. I want to share the story in an attempt to inspire people to explore their limits and achieve things that they did not think they would be able to do. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/FQNMBE/ Cassiopeia madonius PUBLISH 33HD7W@@program.why2025.org -33HD7W Reviewing live-bootstrap en en 20250811T170000 20250811T175000 0.05000 Reviewing live-bootstrap In the past two years, I spend studying stage0 of the live-bootstrap project in order to understand how it works, to find out on what sources it depends, and to create an interactive documentation hopefully helping others to understand it and review the sources. In this process, I have written programs to interpret the kaem scripts, an emulator for stage0, and a program to analyze the strace output and generate a T-diagram. In the presentation, I will talk about the steps I have taken, present the results, and also discuss ways to simplify the stage0 sources, such as developing a C-compiler targeted for compiling the Tiny C Compiler using a small stack based languages as intermediate language. Links: - https://iwriteiam.nl/Software.html - https://iwriteiam.nl/livebootstrap.html - https://github.com/FransFaase/Emulator/ - https://fransfaase.github.io/Emulator/tdiagram.html - https://github.com/FransFaase/MES-replacement PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/33HD7W/ Cassiopeia Frans Faase PUBLISH CXVW7V@@program.why2025.org -CXVW7V Die Hardcoded: Unlocking Yealink's (weakest) secrets en en 20250811T190000 20250811T195000 0.05000 Die Hardcoded: Unlocking Yealink's (weakest) secrets Communication is the cornerstone of human collaboration and vital to functional governments, flourishing businesses, and our personal lives. We take for granted that sensitive information we send through our digital communication infrastructure is only received by the intended recipient. This puts immense responsibility on communication equipment manufacturers and service providers to keep our communications safe from prying eyes. Surely we can trust a global, leading manufacturer of video conferencing, voice communication and collaboration solutions to keep our data safe, right? ...right? They may have shiny devices and their marketing slides might be impressive, but we care about what's on the inside. In this talk, we take a look at Yealink VoIP business phones and their cloud infrastructure. Come with us on a technical deep dive involving hardware hacking and firmware reverse engineering, but also listen to a story about corporate intimidation tactics and lessons on how not to treat security researchers. What we find is a security researcher's dream: hard-coded AES keys, outdated software, and lots and lots of custom C code (including cryptography!). We were not only able to run custom code on some phones, but were also able to access configuration data of their global cloud provisioning service while casually answering the age-old question: "Does it run DOOM?". This project concluded in a wide-ranging coordinated vulnerability disclosure involving the manufacturer, telecom providers, national cybersecurity agencies, and major customers, which we will also outline in this talk. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/CXVW7V/ Cassiopeia Jeroen Hermans Stefan Gloor PUBLISH PRV9UP@@program.why2025.org -PRV9UP Using deployment diagrams to explain architecture and security to everybody en en 20250811T200000 20250811T202500 0.02500 Using deployment diagrams to explain architecture and security to everybody You have seen many diagrams of computer and information systems in your career. They have been around since the early days of computing. They can be useful, but there are a few typical problems with them: • They are drawn with obscure symbols that are only understood by architects • They are drawn in an inconsistent way • They are not used to their fullest potential. In my practice I have run into these problems often, and I have found ways to turn a certain type of diagram, a simplified version of deployment diagrams, into the cornerstone of explanation of what goes on in cloud and cybersecurity. In the talk I will lead you through the basic principles, and a few examples. This will enable you to lead architecture conversations and discuss their security options. I will use examples such as key/encryption architectures, DevOps, and even your home music system. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/PRV9UP/ Cassiopeia Peter van Eijk PUBLISH 9NQTEL@@program.why2025.org -9NQTEL WHY Lightupyourbanjo en en 20250811T210000 20250811T215000 0.05000 WHY Lightupyourbanjo In the WHY Lightupyourbanjo talk, we will look at the world of banjo lights, present the new O4 model and features, apply the 5xWHY analysis on this all to explore the greater meaning, and finally we hope to bring some Light and Music to WHY 2025. https://www.youtube.com/watch?v=_j19nTYNWv4 PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/9NQTEL/ Cassiopeia Roelof van der Berg PUBLISH M3GWAJ@@program.why2025.org -M3GWAJ Retrospective: Adventures with CircuitPython en en 20250811T220000 20250811T225000 0.05000 Retrospective: Adventures with CircuitPython 1) Introduction - My (past) smart-home setup - Moonshot: my future smart-home setup 2) Projects - Thermal printer(s) - RFID scanners - Media controls - Family calendar 3) Circuitpython - Ups and downs - Circuitpython on various Microcontrollers: real-life 4) Conclusion PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/M3GWAJ/ Cassiopeia Juergen Pabel PUBLISH TFRMSB@@program.why2025.org -TFRMSB Normsetting revisited en en 20250811T100000 20250811T102500 0.02500 Normsetting revisited PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/TFRMSB/ Delphinus nelleke groen PUBLISH WQVFUN@@program.why2025.org -WQVFUN Weakpass en en 20250811T110000 20250811T115000 0.05000 Weakpass During this talk, I will present the story of the Weakpass project and the tools that were developed as part of it. Additionally, I will demonstrate how these tools have been utilized in various contexts, such as password cracking and automatic account password strength checks. The discussion will explore practical applications and the impact of these tools on enhancing security practices. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/WQVFUN/ Delphinus Steph Alyona PUBLISH JALJPD@@program.why2025.org -JALJPD Solar Sailing Serendiep en en 20250811T120000 20250811T125000 0.05000 Solar Sailing Serendiep Sailing is among the most efficient modes of cargo transport. Yet in the much needed transition away from fossil it seems to be falling behind other sectors. We set ourselves the challenge to be sailing electrically, to harvest the energy needed on the ship itself, and to do all this with open tech and second hand parts, taking advantage of an upcoming category of e-waste and achieving a minimal budget as a result. In this talk we'll present a rundown of all the hurdles on the way, how they were overcome or which consequences they have for thoroughly low impact transport. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/JALJPD/ Delphinus Harmen Zijp PUBLISH DJKYA7@@program.why2025.org -DJKYA7 Hacking the Aeotec Smart Hub: The little hub that could en en 20250811T140000 20250811T145000 0.05000 Hacking the Aeotec Smart Hub: The little hub that could Usually extracting the firmware of an IoT device is easy. The firmware is often not encrypted on flash and debug interfaces such as UART are often exposed and left open. This was our assumption when we started investigation the Aeotec. However, we turned out to be very wrong on our assumptions. The Aeotec firmware is actually encrypted on flash, with a key that is stored in OTP. Furthermore, all debug interfaces such as UART were closed down. This meant we needed to go through great lengths, first doing in-circuit dumping of the flash, then breaking the encryption configuration in order to get code execution on the APCPU. Our goal was to do vulnerability research, but we ran out of time for that. By sharing our process, we hope to help others who are interested in this or other devices with a similar configuration. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/DJKYA7/ Delphinus Daan Keuper Thijs Alkemade PUBLISH EFJTHQ@@program.why2025.org -EFJTHQ Lightning Talks en en 20250811T150000 20250811T155000 0.05000 Lightning Talks Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.why2025.org/Lightning_Talks PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/EFJTHQ/ Delphinus PUBLISH QNH3VU@@program.why2025.org -QNH3VU 🛡️ Linux Permissions and Hardening en en 20250811T160000 20250811T162500 0.02500 🛡️ Linux Permissions and Hardening The first point a "normal" user encounters Linux permissions, is often when he wants to execute a downloaded file (from the internet) - requiring him to set the executable-bit... But this one bit is just a part of a much larger world of the Linux permissions - starting with the usual umask-reduced "drwxrwxr-x" and including access-contol-lists for more complex scenarios. The learned concepts can then be applied onto not only files, but also devices (e.g. using udev)... Most users also know how to bypass "Permission Denied" touble (by just using "sudo"), but how does that actually work? But managing access to files and devices from the users perspective is just one side of Linux security, as one can also apply these filtering logic onto system-calls programs make: For this we will take a quick look into SELinux and AppArmor, two of the more popular hardening frameworks and how their rulesets work. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/QNH3VU/ Delphinus simonmicro PUBLISH NLDDV7@@program.why2025.org -NLDDV7 From barking to Meow: mature pentesting en en 20250811T170000 20250811T175000 0.05000 From barking to Meow: mature pentesting This talk introduces MIAUW — Methodology for Information Security Assessment with Audit Value — a structured approach to penetration testing that goes beyond technical exploits to deliver legal defensibility, governance value, and repeatable insight. We begin with a familiar problem: many pentests are technically sound but fail to produce lasting impact. Reports are delivered, risks are noted — and then nothing changes. There’s little accountability, no alignment with organizational processes, and limited value for oversight. MIAUW changes that. It brings structure, traceability, and dual accountability by involving not just the pentester, but also a dedicated auditor. Every step — from planning and scenario definition to execution, reporting, and organizational learning — is part of a documented process. The auditor produces a formal protocol, providing legal and governance-grade assurance over the findings. In this session, we’ll cover: - How MIAUW works: from the first conversation to the final deliverables. Why including an auditor raises the bar for quality, traceability, and board-level trust. - Real-world stories of organizations that transformed their security posture through structured offensive testing. - How to get started with MIAUW, even when working with external testing partners. Whether you're a CISO, security consultant, internal auditor or board advisor, this talk will challenge the way you think about pentests — and show you how to make every test a reusable asset for control and improvement. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/NLDDV7/ Delphinus Brenno de Winter Mischa Rick van Geelen PUBLISH 3QQLRN@@program.why2025.org -3QQLRN Building Bitchat: Offline first protocols and E2E Encrypted Social Apps with Nostr, Noise, and MLS en en 20250811T190000 20250811T195000 0.05000 Building Bitchat: Offline first protocols and E2E Encrypted Social Apps with Nostr, Noise, and MLS Building truly private social applications isn't just about adding encryption - it's about rethinking how we build social spaces. By combining Nostr's decentralized protocol with MLS's efficient group encryption, we can create social apps that are both private and practical. The talk walks through: Technical Foundation: - How Nostr works: events, relays, and NIPs - Understanding MLS tree-based group key management - Implementing encrypted groups that actually scale - Real-world performance and security considerations Practical Building: - Tour of working libraries - Open source apps you can use today - Common implementation challenges and solutions - Live coding of a basic encrypted group chat Beyond the Code: - Why traditional platform encryption fails - How forking solves community governance - Building tools that empower rather than control - Real examples from nos.social and communities.nos.social You'll leave understanding not just the protocols, but how to build real applications that respect privacy and community autonomy. We'll look at actual code running in production, discuss practical challenges we've solved, and show how you can start building your own encrypted social tools today. This isn't just theory - everything shown is running in production now. Whether you're interested in cryptography, social protocols, or just want to build better tools for human communication, you'll get concrete knowledge you can use. Prerequisites: Basic familiarity with public key cryptography helpful but not required. Examples will use JavaScript/TypeScript but concepts apply to any language. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/3QQLRN/ Delphinus rabble PUBLISH EPLPXJ@@program.why2025.org -EPLPXJ Bass: because we need more ethical players en en 20250811T200000 20250811T202500 0.02500 Bass: because we need more ethical players In a band, bass players can play different roles. In most cases, the role of the bass player is a supporting one. However, there are multiple ways of playing the bass: you can support from the shadows, but also take a more central place. You can be laid back and lazy, but also driving the band forward. In any case, you can steer the band, even though you're not the front person. Not many musicians consider the bass player the most important person in the band, but that is mainly because they never look under the surface. In a professional team, you might consider yourself a bass player: you keep the music flowing, try to be not too obvious, but all the time making sure that everyone can play their part. Within the realm of IT, there is a great number of bass players. They carry the music for all organizations. There is great power in this role, and as we all know from Voltaire (well, most will know it from Uncle Ben): with great power comes great responsibility. In this presentation, we will be looking into the ethics of bass playing. And the bass is in itself a very ethical instrument: while guitars are often distorted, basses are generally played clean. And obviously, special attention will be given to upright bass playing, as this shapes the core of ethical musicianship. PUBLIC CONFIRMED Talk (25 minutes) https://program.why2025.org/why2025/talk/EPLPXJ/ Delphinus Erik Meerburg PUBLISH AVK8PL@@program.why2025.org -AVK8PL Energizer for brains and bones en en 20250811T103000 20250811T113000 1.00000 Energizer for brains and bones Hi, I am Dana and work as a teamtrainer / outdoor guide. I work with kids, teens, adults - and I am ever so often amazed how easy and fast we are connecting with each other while moving and laughing and trying to do more or less ridiculous tasks. We would meet somewhere on a field and do a lot of playing and trying stuff. I am very looking forward to having fun and inspiring (a bit of) our muscles and minds together :o) Most of the games and exercises are suitable for persons in wheelchairs or otherwise bodily constricted; we will take whatever challenge it takes to find adaptions for the tasks at hand, so everyone can join in. HOW MANY: min 8, max 30 persons. HOW OLD: min. 6 years old, only when accompanied by an adult. HOW LONG: 30-90 min (however the requests...) HOW OFTEN: I don´t know: maybe every day except the last? WHEN: a good time would be around 10:00 in the mornings or later in the evening, (maybe 17:00), depending how hot the weather would be and if we would find a place in shadows PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/AVK8PL/ Workshop Euclid Dana PUBLISH GRETEG@@program.why2025.org -GRETEG Workshop Flamethrower 101 en en 20250811T113000 20250811T130000 1.03000 Workshop Flamethrower 101 The workshop has 8 to 10 tables for building available. Please let me know via why2025@area42.industries if you would like to attend and build so that we can reserve a table for you. We can provide complete kits at cost, and we will also provide a limited amount of propane for testing. Please note that if you bring your own kit, we cannot guarantee that it will fit together and work reliably. Building flamethrowers is mainly a plumbing problem: getting the right fittings and materials is the key. The kit details are available in this [google doc](https://docs.google.com/document/d/1lnqjfUdFHPhpqA8Jq59G56lh4KdznPbwPEVS6Ctg960/edit?usp=sharing) If you want us to provide the kit at cost, please contact me at why2025@area42.industries. I expect the cost to be between 200-250 euros. If you just need the fire extinguisher then let me know as well. PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/GRETEG/ Workshop Euclid Mike Wessling (Area42) PUBLISH UUJFDQ@@program.why2025.org -UUJFDQ Let's break some AI en en 20250811T140000 20250811T160000 2.00000 Let's break some AI PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/UUJFDQ/ Workshop Euclid Satu Korhonen PUBLISH GRETEG@@program.why2025.org -GRETEG Workshop Flamethrower 101 en en 20250811T160000 20250811T173000 1.03000 Workshop Flamethrower 101 The workshop has 8 to 10 tables for building available. Please let me know via why2025@area42.industries if you would like to attend and build so that we can reserve a table for you. We can provide complete kits at cost, and we will also provide a limited amount of propane for testing. Please note that if you bring your own kit, we cannot guarantee that it will fit together and work reliably. Building flamethrowers is mainly a plumbing problem: getting the right fittings and materials is the key. The kit details are available in this [google doc](https://docs.google.com/document/d/1lnqjfUdFHPhpqA8Jq59G56lh4KdznPbwPEVS6Ctg960/edit?usp=sharing) If you want us to provide the kit at cost, please contact me at why2025@area42.industries. I expect the cost to be between 200-250 euros. If you just need the fire extinguisher then let me know as well. PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/GRETEG/ Workshop Euclid Mike Wessling (Area42) PUBLISH EQ3HHU@@program.why2025.org -EQ3HHU Balloon folding for kids en en 20250811T110000 20250811T123000 1.03000 Balloon folding for kids ``` _________ .___ .___ \_ ___ \ ____ _____ ____ _____ ____ __| _/ __| _/____ / \ \/ / _ \ / \_/ __ \ \__ \ / \ / __ | / __ |/ _ \ \ \___( <_> ) Y Y \ ___/ / __ \| | \/ /_/ | / /_/ ( <_> ) \______ /\____/|__|_| /\___ > (____ /___| /\____ | \____ |\____/ \/ \/ \/ \/ \/ \/ \/ ___. .__ __________ _____ ____ \_ |__ _____ | | ____ ____ ____ / ___/ _ \ / \_/ __ \ | __ \\__ \ | | / _ \ / _ \ / \ \___ ( <_> ) Y Y \ ___/ | \_\ \/ __ \| |_( <_> | <_> ) | \ /____ >____/|__|_| /\___ > |___ (____ /____/\____/ \____/|___| / \/ \/ \/ \/ \/ \/ _____ .__ .___.__ _/ ____\____ | | __| _/|__| ____ \ __\/ _ \| | / __ | | |/ \ / ___\ | | ( <_> ) |__/ /_/ | | | | \/ /_/ > |__| \____/|____/\____ | |__|___| /\___ / \/ \//_____/ ``` PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/EQ3HHU/ Workshop Giotto Frank Breedijk PUBLISH TBGDLB@@program.why2025.org -TBGDLB Coderdojo Robotics @WHY2025 nl nl 20250811T150000 20250811T170000 2.00000 Coderdojo Robotics @WHY2025 👨‍💻 Wat gaan we doen? Je leert hoe een microcontroller werkt Je programmeert in Codecraft Je maakt je eigen project zoals een: - Inbraakalarm - Slim lichtsysteem - Weerstation En natuurlijk testen we alles uit in het echt! 🎒 Wat moet je meebrengen? Een eigen laptop (Windows of Mac) Installeer vooraf de gratis Codecraft-software via deze link: 👉 https://ide.tinkergen.com/download/en/ Ben je jonger dan 10? Neem dan ook een oudere begeleider mee die je kan helpen 🧠 Geen ervaring met programmeren? Geen probleem! We beginnen vanaf nul. Als je nieuwsgierig bent, graag dingen bouwt of ooit al met Scratch gewerkt hebt, dan zit je hier helemaal goed! Sessions will be given in dutch but we can accommodate english participants. PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/TBGDLB/ Workshop Giotto Jan Tiri PUBLISH NKZWRM@@program.why2025.org -NKZWRM LED Strips Everywhere for Everyone! en en 20250811T213000 20250811T230000 1.03000 LED Strips Everywhere for Everyone! LED strips have become really inexpensive. And many people have created easy methods of controlling the color and brightness of individual LEDs in LED strips. This workshop will show you a couple of easy and fun ways to control LED strips, and to make them do what you want. I'll show you everything you need to know to use existing Arduino programs -- and how to hack Arduino programs -- to control the colors in your world with LED strips. **Workshop Itinerary:** * Intro to color theory and Red-Green-Blue _(RGB)_ LEDs * Brief intro to Arduino * How to use an Arduino to control an LED strip * Some demos of programs you can download for free **Materials cost:** The workshop is free, but if you would like to partake in the hands-on aspects of the workshop, Mitch will have materials for **€20**. _**Optional:** Bring your laptop if you want to go home with the free Arduino software installed on it._ _Arduino software runs on Windows, MacOS and Linux (any version is fine):_ [Arduino software](https://www.arduino.cc/en/software) PUBLIC CONFIRMED Workshops (90 minutes) https://program.why2025.org/why2025/talk/NKZWRM/ Electronics (Hardware Hacking Village) Mitch PUBLISH QFFLJU@@program.why2025.org -QFFLJU Jane Blondas - Dance, Sweat & Shine en en 20250811T150000 20250811T160000 1.00000 Jane Blondas - Dance, Sweat & Shine PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/QFFLJU/ Party Stage PUBLISH 8N8Q8J@@program.why2025.org -8N8Q8J TRIGGRRD - Experimental Improvisation en en 20250811T200000 20250811T210000 1.00000 TRIGGRRD - Experimental Improvisation PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/8N8Q8J/ Party Stage PUBLISH 7W9GTM@@program.why2025.org -7W9GTM Afturmath - Synthesis, Lasers, and Soundscapes en en 20250811T213000 20250811T230000 1.03000 Afturmath - Synthesis, Lasers, and Soundscapes PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/7W9GTM/ Party Stage PUBLISH 7S8KZH@@program.why2025.org -7S8KZH Silent Disco with DJ Luna en en 20250811T230000 20250813T040000 5.00000 Silent Disco with DJ Luna PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/7S8KZH/ Party Stage PUBLISH SEYTWK@@program.why2025.org -SEYTWK Movie: E.T. the Extra-Terrestrial en en 20250811T233000 20250812T020000 2.03000 Movie: E.T. the Extra-Terrestrial https://www.imdb.com/title/tt0083866/ Location: next to Party Area Terrace PUBLIC CONFIRMED Entertainment https://program.why2025.org/why2025/talk/SEYTWK/ Party Area PUBLISH FHLCMR@@program.why2025.org -FHLCMR The Well Is Poisoned — Now What Shall We Drink? en en 20250812T110000 20250812T115000 0.05000 The Well Is Poisoned — Now What Shall We Drink? Have you noticed how the **good stuff** on the Internet is increasingly hidden behind bot checks, subscriptions and paywalls? And that it's getting harder and harder to find things online due to LLM pollution? Welcome to the club! You are in the right place. In this talk I'll highlight some of the most egregious examples, consider how we can best preserve _low background information_ for future generations, and how we can use small web techniques like **self-hosted blogs and static site generators** to bootstrap a new infosphere that doesn't rely on a handful of _hyperscale operators_. I'm particularly interested in how we can _federate and syndicate search_, learning from protocols and standards like RSS and ActivityPub. As part of the talk I'll give you some practical tools and approaches to try. If you find this interesting, consider joining us in the [SearchClub](https://matrix.to/#/#searchclub:matrix.org). **Let's have fun building the new Internet together!** PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/FHLCMR/ Andromeda Martin Hamilton PUBLISH LLRPVY@@program.why2025.org -LLRPVY OpenStreetMap for beginners en en 20250812T120000 20250812T125000 0.05000 OpenStreetMap for beginners OpenStreetMap is an open database of geodata and has become the biggest geodataset of the world. It is often called 'the wikipedia of maps' and is getting used in more and more applications - from grassroot movements to big corporations. A tremendous lot is possible, but it can be confusing to get started and to dive into the ecosystem. In this talk, I'll give a high-level overview of OpenStreetMap and answer the most important questions: - What is OpenStreetMap (and what is it not?) - What applications exist? - What tools exist? - How can one contribute? - How can one export data? - How can one get in touch with the local mapping community? No previous experience with mapping or GIS needed! This is a talk, so you don't have to bring anything. However, if you need some help with your first OSM-edits, I'll stick around after the talk to get you started. In that case, it might be useful to bring your laptop (or smartphone) PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/LLRPVY/ Andromeda Pieter Vander Vennet PUBLISH KUVEEL@@program.why2025.org -KUVEEL Scaling up victim notification, because crededential theft is scaling up too... en en 20250812T140000 20250812T145000 0.05000 Scaling up victim notification, because crededential theft is scaling up too... Credential theft is on the rise. Cybercriminals are gettings smarter and more efficient. Why hack in, if you can log in? At the DIVD we see this trend in the cases where we assist with notifying victims of credential theft. Where our first such cases started with a mere threehundred-something credentials we are now sometimes faced with credential dumps that contains millions of even billions of credentials. How can we scale this up, what problems did we face, how did we solve them, and what haven;t we solved yet? PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/KUVEEL/ Andromeda Frank Breedijk PUBLISH RJTUR8@@program.why2025.org -RJTUR8 Rush hour rodeo and traffic cam selfies en en 20250812T150000 20250812T155000 0.05000 Rush hour rodeo and traffic cam selfies The session will start with providing a bit of context on why the project was started, what was already going on at that time and why the muncipality of the Hague had further questions for which they needed a hacking team. We then discuss how we approached the project in a complex environment, where APT threats are involved and how that changes how you assess certain systems and features. The core of the presentation focuses on disclosing the actual vulnerabilities found within the systems, how we went through the full cyber kill chain within the environment and what that actually means in the physical realm if this had been exploited with malicious intent. Finally we end the presentation with some details on how the discovered issues were addressed and what general lessons can be learned from this project that could also be applicable for other similar environments. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/RJTUR8/ Andromeda Willem Westerhof PUBLISH VSKJMH@@program.why2025.org -VSKJMH Closing en en 20250812T160000 20250812T165000 0.05000 Closing PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/VSKJMH/ Andromeda Boekenwuurm PUBLISH KVXYMB@@program.why2025.org -KVXYMB Towards digital sovereignty with cloud federation: how to break the dominance of the hyperscalers en en 20250812T110000 20250812T115000 0.05000 Towards digital sovereignty with cloud federation: how to break the dominance of the hyperscalers PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/KVXYMB/ Brachium Wido PUBLISH MPH9CD@@program.why2025.org -MPH9CD How election software can fail en en 20250812T120000 20250812T125000 0.05000 How election software can fail After critically following the elections for 8 years from the outside, a hacker was employed as one of the functional administrators of the software supporting the elections. Sharing experiences of the use of election software during 7 elections (2020-2023), from local, national to European in The Netherlands. A governmental software project with strict deadlines, and high security expectations. The software project for elections in The Netherlands is build an IT organization owned by German local governments. More than 10.000 Java files, what can possible go wrong? During this time multiple emergency patches were needed and incidents occur. Although at first explicitly not hired as a coder, within 3 months a Java code contribution was made that was unexpectedly more crucial than anticipated. This talk will show some incidents with the election software in The Netherlands: how the software failed, and when/how it was discovered. Go over how seeing the elections from the outside, and give some history of voting computers and software. Ending with some reflecting on the future. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/MPH9CD/ Brachium Benjamin W. Broersma PUBLISH NCFHN3@@program.why2025.org -NCFHN3 How to become your own ISP en en 20250812T140000 20250812T145000 0.05000 How to become your own ISP Ever wanted to become sovereign on the internet? Want to know what its like to run an ISP? Are you a sysadmin that wants to learn more about networking? Then you're at the right place. This talk will take you along with a deep dive on how the internet works at its core and how you can participate yourself. You'll learn all about BGP, AS- numbers, IP-prefixes and what you need to do if you want to participate. You will walk away with practical knowledge on how you can get started. We'll also take a short tour of my own network, how I set it up and what I use it for. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/NCFHN3/ Brachium Nick Bouwhuis PUBLISH ALPRVC@@program.why2025.org -ALPRVC Abacus: Open source software for the Dutch Elections en en 20250812T150000 20250812T155000 0.05000 Abacus: Open source software for the Dutch Elections "The software used in elections is developed open source", according to the Dutch law on elections. As we are working on this software at the Dutch Electoral Council, we want to share our experience and invite you to check out our progress so far. We'll go into our development process and technical choices, show some of the cool contributions we received, some of our own code and show what happens when a small government organisation decides to take software development into its own hands. At the talk both the lead developer and teamlead are present, to be able to elaborate on the actual development and on the management of such a project. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/ALPRVC/ Brachium Niels Hatzmann Mark Janssen PUBLISH TUD7EB@@program.why2025.org -TUD7EB Hacked in translation: Giving an Abandoned IoT Device a New Life en en 20250812T110000 20250812T115000 0.05000 Hacked in translation: Giving an Abandoned IoT Device a New Life PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/TUD7EB/ Cassiopeia Artem Makarov PUBLISH NZRWGU@@program.why2025.org -NZRWGU Time Lord's adventures: abusing time on Linux systems en en 20250812T120000 20250812T125000 0.05000 Time Lord's adventures: abusing time on Linux systems This talk explores the consequences of full control over time on a Linux system. We’ll start with a brief overview of how system clocks work, highlighting common assumptions made by applications and security mechanisms. The focus will be on local manipulation of the system clock — jumping forward, rewinding, or freezing time — and the unexpected ways software can break when time becomes unreliable. Through practical examples, we’ll see how time-based defences and logic can be bypassed, exposing vulnerabilities that often go unnoticed. Not every issue leads to a full exploit, but many reveal fragile trust assumptions rarely tested in real environments. This talk is for hackers, tinkerers, and developers who’ve ever relied on `sleep(1)` as a defence mechanism. You might rethink your assumptions about time-based security after attending. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/NZRWGU/ Cassiopeia Daniels Heincis PUBLISH NPLUCC@@program.why2025.org -NPLUCC The Neuroscience of Psychedelics en en 20250812T120000 20250812T125000 0.05000 The Neuroscience of Psychedelics Title got you looking? Good :) Welcome! In this session, I want to endeavor to introduce you to some of the things that really float my boat: Neuroscience (read: the Brain as understood through biology and psychology) and Psychedelics. Listen, as I aim to connect my studied, experiential knowledge to whatever mileage you may pack. Give me a chance to explain why I think Anarchy is a biological state; how drugs have come quite a way; where we are with returning to access to these tools for the 'Betterment of Well People'; and how I think we can take action for even better prognoses of the positive outcomes from this new research. Come out, come out, wherever you are.. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/NPLUCC/ Delphinus Indivisual PUBLISH RMHF3N@@program.why2025.org -RMHF3N ISMS-oxide and you (Information-Security-Management-System for hackers) en en 20250812T140000 20250812T145000 0.05000 ISMS-oxide and you (Information-Security-Management-System for hackers) Agenda: 1) Introduction - Management-Systems - Information-Security-Management-Sytems (ISO 27001, German BSI IT-Grundschutz) 2) Theory - Corporate overlords (a.k.a "hacking ISMSes") - Risk-Management - Compliance(-Reporting) - Certifications 3) Reality - What? Why? How? - Anecdotes 4) Conclusion PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/RMHF3N/ Delphinus Juergen Pabel PUBLISH 3EHJGJ@@program.why2025.org -3EHJGJ Can we trust the Zero in Zero trust? en en 20250812T150000 20250812T155000 0.05000 Can we trust the Zero in Zero trust? If we look beneath the surface, we find a lot of code that we trust in zero trust environments without realising it. Istio containers in service meshes, key management systems in SSH/Ansible environments and a whole lot of legacy code in confidential computing require trust in strange containers, ex-employees and attestation processes and a CI/CD pipeline for microcode in the cloud. What questions should we ask ZT? As the management of keys is crucial for TLS (encryption on transport), disk encryption (encryption on rest) and the new kid on the block confidential computing (encryption of data in use) we look under the carpet of implementations and raise a lot of questions to ask if implementing the concept. This immediately affects any digital souvereignty. PUBLIC CONFIRMED Talk (50 minutes) https://program.why2025.org/why2025/talk/3EHJGJ/ Delphinus Thomas Fricke PUBLISH SGTVJX@@program.why2025.org -SGTVJX Writin' me a RUST en en 20250812T110000 20250812T130000 2.00000 Writin' me a RUST Rust is an up-and-coming, safe and performant programming language with some very funky, novel features. In this workshop you'll learn about the Rust programming language and write your first simple Rust program. Suitable to anyone with basic programming knowledge, you don't have to be an expert. This session will be about half presentation, half practical. Come with a laptop prepared to write some code. Please get Rust installed before the session, which is very quick easy to do on any platform via: https://www.rust-lang.org/tools/install PUBLIC CONFIRMED Workshop (120 minutes) https://program.why2025.org/why2025/talk/SGTVJX/ Workshop Euclid Mattsi PUBLISH GADUHS@@program.why2025.org -GADUHS Mobiele Energy en en 20250812T110000 20250812T140000 3.00000 Mobiele Energy INgrid Energy <3 _.--""-._ . ." ". / \ ,^. /( Y | )\ / `---. |--'\ ( \__..'-- - -- -'""-.-' ) | :| `> '. l_..-------.._l .' | __l;__ .' "-.__.||_.-'v'-._||`"----" \ .-' | | ` l._ _.' \/ | | l`^^'^^'j | | _ \_____/ _ j | l `--__)-'(__.--' | | | | /`---``-----'"1 | ,-----. | | )/ `--' '---' \'-' ___ `-. | | // `-' '`----' / ,-' I`. \ _ L |_ // `-.-.'`-----' / / | | `. \ '._' / \ _/( `/ )- ---' ; /__.J L.__.\ : `._;/7(-.......' / ) ( | | | | `._;l _'--------_/ )-'/ : |___. _._./ ; | | .__ )-'\ __ \ \ I 1 / / `-' / `-\-(-' \ \ `.| | ,' / \__ `-' __/ `-. `---'',-' )-._.-- ( `-----' )( l\ o ('..-. _..--' _'-' '--'.-. | __,,-'' _,,-'' \ \ f'. _,,-' \ \ ()-- | \ \ \. | / \ \ \ |._ | \ \ | ()| \ \ \ / ) `-. | | // .__) | | _.//7' | | '---' j_| ` (| | | \ |lllj ||||| -nabis PUBLIC CONFIRMED Workshop (180 minutes) https://program.why2025.org/why2025/talk/GADUHS/ Workshop Giotto steven hoes Rob Verwer