Botnets are the Best Way to Measure User-Hostile Behavior on the Internet

David Sidi

Today there are two dominant approaches to measuring behavior at scale on the web without the cooperation of service providers: there are bot farms, which run automated browsers on infrastructure controlled by the measurer; and there are instrumented extensions that run on the browsers of individuals who have agreed to participate.

Bot farms are bad because it's hard to measure everything that is interesting to study in a fully automated way; extensions are bad because for them the measurements follow the participant's use of the service, whereas directly controlling what is measured is often useful in a study (plus, there are privacy risks).

The best way to measure behavior on the web is with a botnet. Botnets are distributed over participant computers, so bots can mix in requests to a human alongside automated measurements. On the other hand, where bots go, and what they ask about, is fully specifiable in a botnet study.

In this talk we'll see how best to build a measurement botnet: isolating the bot on the participant's system, deciding when to run, deciding when to ask for human help and how to share achievements with them, and avoiding detection as a bot to improve study validity.

At the end, there will be a discussion about why any of this matters: botnets have always let individuals cooperate to participate in causes they believe in, from fighting COVID-19 with @home, to DDoS as political action, to breaking weak ciphers with That's true of measurement botnets too. There is little awareness today of actions taken against our interests: botnets can help.

Cat-Shaped Hacker Hardware: How I Accidentally Made a Business at 18

Alex Lynd

Education-focused hardware fails to fill gaps of knowledge in niche areas of computer science (like cybersecurity), often begetting compromises in user accessibility. When Alex set out to design the "WiFi Nugget" - a beginner-friendly, cat-shaped development board catered towards cybersecurity beginners - he was faced with unique challenges in creating a platform that brought both ease-of-use and extensibility to users. He wanted a hands-on design that would make it easy for beginners to learn daunting topics like WiFi security and USB attacks through a guided, streamlined interface - while also offering accessible hardware and software modularity.

Striking a balance between both while attempting to successfully bring a niche product to market engendered interesting design problems. Learning to surmount these challenges - in effective interface design, hardware prototyping, supply-chain management, and more - has since scaled this project into a successful startup that creates cybersecurity-focused content around an open-source project, and allows for employing budding makers in the local community to help assemble products.

The current iteration of the Gameboy-esque WiFi Nugget allows beginners to assemble a DIY kit including a screen, D-Pad button interface, multicolor LED, WiFi microcontroller, and 3D printed enclosure. And through (cat-themed) software like the "Nugget Invader," users can learn and test out common WiFi attacks through an intuitive interface while getting reactive feedback via cute cat graphics and a colorful LED indicator. Other software like the "RubberNugget" also allows users to explore hacking techniques such as HID attacks, letting them deploy DuckyScript keystroke injection payloads and more.

The multifaceted WiFi Nugget has been the centerpiece of community workshops, allowing for the teaching skills in hardware assembly and design, WiFi hacking, Python scripting, and more - and also is fostering the growth of the hacker community by empowering beginners with free, open-source educational content. In this talk, Alex will discuss the challenges he faced in designing a niche, education-focused tool for cybersecurity beginners, and he will outline how his design choices grew this project into a successful startup in six months.

CHERI: A Modern Capability Architecture

Nathaniel Wesley Filardo (nwf)

CHERI (Capability Hardware Enhanced RISC Instructions) is an architectural extension to existing processor Instruction Set Architectures (ISA) that introduces capability-based memory protection. It has been realized atop MIPS64 and RISC-V in a variety of open-source FPGA soft-cores and atop 64-bit ARMv8.2a in the Morello research prototype, a 2.5GHz, 7nm, 4-core SoC. Capability-aware forks of the FreeBSD distribution, the LLVM tool chain, PostgreSQL, QT, KDE, and WebKit are under active development, as are gcc and Linux. CHERI's instantiations are formally specified and key security properties are proven.

Using CHERI's mechanisms, software can efficiently implement fine-grained, reliable, spatial, and temporal memory protection and scalable compartmentalization without needing to resort to MMU-based isolation. Though common wisdom holds that hardware capability systems are impractical, CHERI achieves its goals with low overheads while retaining compatibility with C, including modern features such as dynamic linking and thread-local storage.

CHERI occupies a unique point in the design space of architectural security work. It is a fundamental redesign of the abstract machine seen by system software programmers - the first such to the commodity abstract machine since the introduction of virtual memory - while still being a valid target for C programs. Unlike most of its competition, its security guarantees are deterministic, not probabilistic, and do not depend on secrets, reducing the risks posed to software by side-channels. All of these properties, together with the apparent viability exhibited across the decade-long research program, mean that CHERI is widely considered to be one of the few paths towards "getting to done" with vulnerabilities.

While the fundamentals of CHERI have not changed, the HOPE audience has likely not had very much exposure to the topic. Moreover, the availability of Morello silicon changes the story from "something that might have worked well with CPU designs in the 80s and 90s, but is only available in simulation now" to "this might actually be real, and might be part of the commercial ecosystem in five to ten years."

Creating a General Purpose Network Through Wireless Mesh

Jameson Dungan

This talk will cover the creation of a resilient and redundant network across the region using wireless technology independent of the Internet. A lot of local data can be collected through various radio protocols such as weather and NOAA satellite data, airplane and ship traffic, and time. All of this data can be collected and processed with SDRs and Raspberry Pis. Offline repositories and mirrored sites can be hosted on this network, such as Wikipedia, medical encyclopedias, Project Gutenberg (every book in the public domain), TED, YouTube, Stack Overflow, and many others.

This talk will explore the trials and errors learned in creating this network from the physical to Layer 3 routing, how to build cheap antennas, the hardware used, and how they're solar/battery backed up. The coverage of the network can even be expanded using amateur radio frequencies for those with licenses to send TCP/IP packets over digital radio and plug into existing ham infrastructure including global SMS, phone, and global email with and without an Internet connection. The network infrastructure can be expanded by anyone wanting to join the network and host more resources, expand coverage, content, and serve as communications in an emergency or extended grid-down situation.

Cyber Security Certifications: The Good, The Bad, and The Ugly

Tom Kranz

As hackers, we all have unique skills and abilities that are in huge demand globally. How can we demonstrate to non-technology people - HR and hiring managers - the value of the work we've done? Increasingly, everyone is turning to certifications as a way to demonstrate their knowledge and skills. But with so many certifications to choose from, and with courses and exams costing so much, how can we know which ones improve our job application and career prospects - and which ones hold us back? In this presentation, Tom will share his experiences from 30 years in the security industry - looking at the range of entry-, mid-, and high-level certifications. He'll share what he looks for when hiring and building out his teams, how he evaluates candidates and their certifications, and which ones he recommends (and which to avoid) for people at all stages of their career.

Engineering Your Own Disease Eradication Program

Mixæl S. Laufer of The Four Thieves Vinegar Collective

How many times have you read a PopSci article claiming that a cure or a treatment of a disease has been discovered, only to never hear about it again? Sometimes it's because the journalists were a little overzealous in their estimations. But just as often it's merely because the treatment won't play well in the marketplace, and the cure just sits on the shelf, inaccessible. The Four Thieves Vinegar Collective has been busy the last few years, not only unearthing specific examples of this, but also developing tools for individuals to develop their own discovery and manufacture processes. At this talk, a number of therapeutic regimens will be released, along with the newest version of the MicroLab, and online tools for chemical synthesis pathway discovery, which will go live for the first time and be accessible to the audience in real time during the talk. Requests will even be taken live on stage. It's worth stopping by and seeing if there's an easy way to cure or treat the disease you think is the most important to cure.

Executive Order 14028 and Zero Trust Architecture - Now We Must, But What It Means?

Harri Hursti

The President's executive order on "Improving the Nation's Cybersecurity" (14028) issued on May 12, 2021 started a process, which was followed on January 26, 2022 by a "Federal Strategy To Move the U.S. Government Towards a Zero Trust Architecture." This calls for wide cooperation between government, public, and private sectors. The executive order also calls for "enhancing software supply chain security" with an emphasis for which open source software would be the most reasonable solution. As response to the recent war in Ukraine, major governments have asked the private sector to "shield up," increasing the urgency of adaptation on the private sector - and recent successful penetrations of critical systems overseas should be seen as a foreshadowing of things to come.

Zero Trust is a journey, and an over-hyped term. What does it mean in this context? The cornerstone these implementation requirements are built upon is the "identity management," not only for humans, but also for devices, instances, and services. "Once in a million" used to be a moniker for acceptable risk, but with the rate velocity of business and the volumes that transactions have reached, it may translate to seconds instead of years. And the elephant in the room: How do we manage identities without sacrificing privacy?

Hacking the Anthropocene: Life, Biological Complexity, Freedom!

Abi Hassen; Isaac Overcast, PhD

Living systems reuse everything. From metabolic pathways, to DNA and amino acids, to nutrient cycles - modularity, extensibility, and re-use are fundamental to the evolution and sustenance of complex life. Living systems are robust and adaptable precisely because of their ability to reconfigure without needing to "re-invent."

Many social systems are quite the opposite. They are oriented around forms of power (e.g. property, secrecy, inequality) that stifle and prevent the relations that characterize life. If we look at the world through this lens, we might call social/economic/legal/political systems that enable repairability, interoperability, and maintainability (i.e., hackability) systems of life - and those that prohibit hackability systems of death.

This session will explore a hacker ethos that envisions freedom as something more complex and entangled than individual autonomy - i.e., beyond the right to reuse code or repair devices as a matter of individual rights and toward a vision of a hackable world. It will start with a brief exploration of the dynamics of systems of life, and then discuss some examples of hacking as a living process and some conceptual tools for applying this view while focusing on some of the major impediments.

Masking Threshold

A Film by Johannes Grenzfurthner

Conducting a series of experiments in his makeshift home-lab, a skeptic IT worker tries to cure his harrowing hearing impairment. But where will his research lead him? Masking Threshold combines a chamber play, a scientific procedural, an unpacking video, and a DIY YouTube channel while suggesting endless vistas of existential pain and decay. Glimpse the world of the nameless protagonist in this eldritch tale, which is by no means for the faint of heart.

A discussion and Q&A with the filmmaker will follow.

The Mathematical Mesh

Phillip Hallam-Baker

Another day, another data breach compromising personal data. Why don't they just encrypt? Encryption is easy, but being able to access your encrypted data and use it on all the devices you use and share it with your co-workers is hard. The Mathematical Mesh is an open infrastructure that addresses the missing piece in Public Key Infrastructure: the management of the private keys. Devices connected to a user's personal Mesh are automatically provisioned with precisely the set of keys, credentials, and data required to perform their function. The Mesh uses structural and threshold cryptographic techniques to achieve an unprecedented level of security without requiring the user to think about cryptography or security. The only configuration steps required to configure a device to use the Mesh replace prior network and platform configuration steps. And when the Mesh code is complete, these can be made as simple as a one-time QR code scan.

Moving Beyond Amazon Self-Publishing Purgatory

John Huntington

Back in 2014 at HOPE X, John did a talk called "A Self-Publishing Success Story" detailing his process moving a book from a publisher to self-publishing on Createspace/Amazon. He had a good run on Amazon, updating the book again in 2017. Then, in 2018, Amazon merged Createspace into its "Kindle Desktop Publishing" (KDP) platform. In 2020, Huntington decided to update several paragraphs in the 475-page book, and this attempt at a simple text change led to his book being stranded in a virtual, dystopian Amazon purgatory. The only reasonable way out was to abandon Amazon KDP altogether. This led to moving everything over to IngramSpark for print copies, Google Play Books for EBooks, and DPD for individually watermarked, DRM-free PDFs.

In this talk, John will discuss the horrors of his Amazon nightmare, successfully moving onward, the self-publishing process in 2022, and the economic aspects of his recent self-publishing experiences.

Plausible Deniability and Cryptocurrency Privacy

Lane Rettig, Garrett MacDonald

Hackers around the world use cryptocurrencies like Bitcoin and Ether every day under the mistaken assumption that these networks are somehow privacy-preserving (often conflating pseudonymity for privacy). This couldn't be further from the truth, as it is in fact often easier to trace crypto transactions than fiat transactions. Even so-called private networks like Zcash and Monero aren't failsafe from a privacy perspective. However, with a few tricks and tools, it is possible to preserve privacy on cryptographic networks in a robust way. This panel will feature three privacy experts discussing best practices for obscuring one's identity and not leaving a trace while transacting on some of the most important widely-used blockchains and cryptocurrencies such as Bitcoin and Ethereum.

Proof of Vaccination Technology and Standards

Greg Newby

The technology and standards behind proof of vaccination credentials (PVCs) will be described. PVCs are implemented as human- and machine-readable documents, suitable for vaccination verification apps. The SMART Health Card standard, which is in use in the U.S. and Canada, will be introduced. Emphasis will include the data integrity and anti-fraud measures included in the technical design and workflow of PVC issuers. Some of these measures will be familiar to HOPE attendees, such as public key cryptography. The talk will also tell the story of how government and industry designed and implemented the PVC, along with the international cooperation that allowed for interoperability among jurisdictions.

Quiet! How Local-First Software Can Keep Remote Teams Safe and Unlock a New Wave of Software Freedom Activism

Holmes Wilson

The pandemic pushed more groups than ever into using online collaboration tools, but for many these tools are not safe. This talk proposes a way to improve that situation, as well as a newish approach to building such tools that could be the basis for a new era of the free software movement.

First will be a demo of Quiet, a Tor-based, peer-to-peer team chat app that is familiar and usable, but doesn't require trusting a corporate cloud, bringing one's own server, or using a friend's server. In Quiet, team member devices connect directly to each other over Tor onion services and sync data using a CRDT. (And it works well!)

Second, Holmes will show how this "sync directly over Tor" approach is generalizable beyond chat apps and can be used to build secure, autonomous alternatives to a broad class of collaboration tools that currently depend on some sort of cloud, such as Google Docs, Basecamp, Trello, Asana, Figma, 1Password, LastPass, and so on.

Finally, there will be a survey of the growing movement of thinkers and builders (sometimes calling themselves the "local-first software movement") who see a path to making this private and secure alternative approach to software even easier for small teams than building federated or cloud-dependent apps, and you will hear a rousing case for why developers and early adopters should join this awesome movement. (Spoiler: because by joining this movement you can advance the privacy and security of groups doing sensitive work right now, while at the same time laying the groundwork for a better way to make software in the future that would give all users more privacy, security, and control.)

Secrets of Social Media PsyOps


Psychological warfare thorough social media is one of the most powerful weapons in today's political battlefield. PsyOps groups have figured out how to sharpen the blade through algorithms and targeted advertising. Nation states are using PsyOps to influence the citizens of their enemies, fighting battles from behind the keyboard.

In this talk, BiaSciLab with cover a brief history of PsyOps and how it has been used both on the battlefield and the political stage - followed by a dive deep into how it works on the mind and how PsyOps groups are using social media to influence the political climate and elections worldwide.

Seize the Means of Computation: How Interoperability Can Take the Internet Back From Big Tech

Cory Doctorow

This is a talk for people who want to destroy Big Tech. It's not a talks for people who want to tame Big Tech. There's no fixing Big Tech. It's not a talk for people who want to get rid of technology itself. Technology isn't the problem. Stop thinking about what technology does and start thinking about who technology does it to and who it does it for. This is a talk about the thing Big Tech fears the most: technology operated by and for the people who use it.

Six Years Later and Worse Than Ever - The Espionage Act, Computer Fraud and Abuse Act, and What's at Stake for Activists, Journalists, and Researchers

Jesselyn Radack

Carey Shenkman

The Trump administration continued the trend of using two antiquated laws - the Espionage Act of 1917 and the Computer Fraud and Abuse Act of 1986 - as tools to restrict the public's right to know. Trump's Justice Department sent numerous truth-tellers to prison, and in 2019 charged Julian Assange, who is neither a government employee nor a U.S. citizen, under both laws. The current legal landscape has unprecedented implications for national security journalism, transparency, and the use of anonymity and source protection tools. Join two human rights attorneys who have worked closely on issues surrounding these laws for a conversation on what's at stake for activists, journalists, and researchers; the recent traction in Congress for reforming both laws; and the necessity for doing so.

Unpickable But Still Unlockable: Lock Bypass Tricks in the Field

Bill Graydon

Karen Ng

Physical red-teams rely heavily on nondestructive bypasses when doing vulnerability assessments: under-the-door tools, latch-based attacks, climbing through vents and around walls and fences. But how well do these techniques actually work in the field - when time is of the essence and it's not in a controlled training environment? This talk will focus on a plethora of real life successes, failures, and lessons learned for how to make these techniques work in practice. Karen and Bill have talked extensively about the mechanics of lock bypass in the past - most notably at the Bypass 101 sessions Karen gives with the Physical Security (formerly Lock Bypass) Village. They will recap the fundamentals of each technique here too - but now you'll get to learn from their years of experience in what actually works.

Wherever You Go, There You Are!

Tom "Mr. Icom / Ticom" Filecco

Hacking is about exploration, and although many articles about hacking may not be applicable to your area or situation for whatever reason, there is still plenty for you to explore where you live. There is the terminus of at least one data stream coming into your residence, possibly more, and a whole spectrum's worth of data and other emissions entering your home wirelessly. Some of these signals may be very close to you. There is also a local non-Internet source of knowledge and information you may not be aware of, that may help you in your hacking endeavors. This talk will attempt to bring these data streams, emissions, and sources to your attention, and show you the tools you will need to explore them. Both wireless and wired infrastructure will be covered. This is a beginner-level talk.

You'll Pay For That: Payment Systems, Surveillance, and Dissent

Alex Marthews

There has been a quiet revolution in payment systems and government power. Government efforts to track credit and banking transactions have exploded. Government efforts to discourage cash and to regulate cryptocurrencies have increased. Using examples from Canada, Ukraine, China, and Nigeria, this talk will examine these mechanisms of financial surveillance, discuss the latest innovations in government efforts to track even privacy-oriented cryptocurrencies, and highlight the debates within our community as to how to approach financial surveillance issues. What is our responsibility, as hackers, technologists, and civil liberties people to maintain the privacy from surveillance of people engaged in disfavored forms and topics of organizing and protest? Can we ensure that systems that permit freedom are able to transact privately? Without that freedom, it will be much harder to organize dissent to, well, anything.