36C3 – something for everyone – from newbie hackers to dyed-in-the-wool nerds

The Chaos Computer Club organised the Chaos Communication Congress – C36C3 for short – the largest hacker meeting in Europe, for the 36th time, with the slogan "Resource Exhaustion". As we do every year, the team from InfoGuard Pentesting and Cyber Defence Center (CDC) travelled to Leipzig up in the north of Germany along with over 17,000 security experts, hackers and other such "nerds".

In this article, we will give you our insight into the 36C3, introduce you to our Top 6 Talks and reveal why our resources were also exhausted after the four best hacker days of the year.

The 36th Chaos Communication Congress – something for everyone

The 36C3 offers something for everyone, not just die-hard hackers. When I visited the congress for the second time, I was also very impressed by the comprehensive supporting programme, which was organised again. There was an exciting programme even for the youngest hackers among us. An entire floor on the exhibition site was given over to children up to the age of 10, who were introduced to technology in a fun way. The focus was not on technology, it' was on fun. For young people, there were so-called "young hacker" events scattered throughout the convention, which provided a more in-depth introduction to the technique. This way they could get their first experiences with soldering, programming and hacking.

However, even experienced hackers are catered for at the 36C3. Every year, a "Capture the Flag", or CTF for short, is held and even the best hackers end up grinding their teeth. During the CTF different teams compete against each other in the hunt for what is called "flags". The flags are hidden in a variety of vulnerable systems and can be found by cleverly combining various vulnerabilities. The goal is to exploit the vulnerability to get the flag. Every flag scores points. The team with the most flags or points is the winner. This year, Luca Marcelli, an InfoGuard Penetration Tester and his team were there and finished sixth. His experience at Hackistanbul 2019 helped him to do it.

For those who just want to enjoy the convention, we recommend a visit to the assemblies hall. These are booths, so-called assemblies, which are organised by various communities themselves, offering visitors a lot of new things to discover, learn and experiment with. The offerings ranged from art installations to cosy lounge corners, to tables with a wide variety of technical material, where you can diligently solder, develop, create and hack.

Our Top 6 Talks at 36C3

At this year's 36C3, the 120 lectures covered many different topics. These ranged from technical "deep dives" and ethical discussions about hacking to talks with an artistic inspiration. The 36C3's slogan – "Resource Exhaustion" – was frequently the focus of attention. Most of the lectures are available online. We have compiled our list of favourites for you:

Practical Cache Attacks from the Network and Bad Cat Puns

In this presentation, Michael Kurth, a Cyber Security Analyst at InfoGuard, presented the first security analysis of Data Direct I/O – DDIO for short. Based on his analysis, he presented NetCAT, the first network-based cache attack on the last cache of the processor of a remote machine.

Hacking brains

Be it ransomware or phishing, APT attacks or stalking: humans are the most frequently exploited vulnerability. Linus Neumann spoke about the human factors in IT security.

Intel Management Engine deep dive

This talk by Peter Bosch dealt with understanding the Intel Management Engine at the OS and hardware level.

What the world can learn from Hong Kong

This talk by Katharin Tai showed how and why the inhabitants of Hong Kong have been able to maintain their movement for such a long time, even in the face of an overwhelming opposition from China. The demonstrators have developed a number of tactics that have helped them to keep arrests to a minimum. These include enforcing and maintaining anonymity, both personally and online. This talk should not be missed.

Quantum Computing: are we there yet?

This talk by Andreas Dewes provided an introduction to quantum computing and a look back at the progress we have made over the last 5 years.

Technical aspects of the surveillance in and around the Ecuadorian Embassy in London

This presentation explained and illustrated the operational and technical details of surveillance in and around the Ecuadorian Embassy in London over the time Julian Assange was holed up there.

36C3 – a look back at the four most enjoyable hacker days

Once again this year, time flew by at 36C3. However, the best hacker days of the year don’t just pass by without leaving their mark. For example, a normal convention day there begins at 12 noon and often ends in the early hours of the morning. This is because, as soon as the last lecture was done and dusted, if not sooner, massive basses and electronic beats could be heard all over the exhibition site. So, after four days of the convention, we were also completely exhausted and had used up all our resources, but those of us in InfoGuard Pentesting and the CDC team are already looking forward to sharing our highlights of the Chaos Communication Congress 2020 with you next year.

If you would like to read more blog articles from the fascinating everyday life of our pentesting and CDC team in the meantime, please subscribe to our blog updates!

Image sources:

Cover picture: bin hacken, Flickr, http://bit.ly/37YLCQv

Image 1: Simon Waldherr, Flickr, http://bit.ly/2GTlQRI

Image 2: bin hacken, Flickr, http://bit.ly/36Vc4cj

Image 3: Simon Waldherr, Flickr, http://bit.ly/2GURyhk