APT Down and the mystery of the burning data centers (39c3)

In August 2025 Phrack published the dump of an APT member's workstation. It was full of exploits and loot from government networks, cell carriers and telcos. The dump sparked a government investigation, and corpos like LG and Korea Telecom were asked to explain themselves. Hours before an onsite audit, the data center mysteriously caught fire, destroying almost a hundred servers. Then another data center burned - and unfortunately, there was even one death. The talk aims to revisit this mysterious sequence of tragic incidents. [TW: Suicide, self-harm] In August 2025 Phrack published the dump of an APT...

Gegenmacht - Best of Informationsfreiheit (39c3)

Sind mehr Infos wirklich die Lösung? Ob Jens Spahn, Philipp Amthor oder Friedrich Merz - sie alle sagen offen, was sie vorhaben und machen keinen Hehl aus ihren Verbindungen zur Trump-Regierung, zu Milliardären und der fossilen Lobby. Was bringt Transparenz in Zeiten der autoritären Wende? Transparenz braucht Rechenschaft. Ohne Konsequenzen bleibt Transparenz wirkungslos. Wie können wir also eine wirksame Gegenmacht schaffen, die Veränderungen durchsetzt? Philipp Amthors Angriff aufs Informationsfreiheitsgesetz konnten wir erst einmal abwehren - jetzt geht's in die Offensive! Mit den Highlights aus Strafanzeigen gegen Alexandeer Dobrindt, Spahns geleaktem Maskenbericht, der Milliardärslobby im Wirtschaftsministerium und...

Hegemony Eroding: Excavating Diversity in Latent Space (39c3)

Hegemony Eroding is an ongoing art project exploring how generative AI reflects and distorts cultural representation. Its name speaks to its core ambition: to bear witness to the slow erosion of Western cultural hegemony by exposing the cracks in which other cultures shine through. This talk will discuss the blurry boundary between legitimate cultural representation and prejudice in AI-generated media and how generative AI can be used as a tool to explore humanity's digital foot print. It is permeated by a critique of purely profit-driven AI development and it's tendency to blunt artistic exploration and expression. Generative...

Block Domains and Advertisements in a ZTE DSL Router

In one of my previous blog posts I showed how to install and run PiHole DNS server locally as a Docker container in your Synology NAS server. This worked great as the PiHole dashboard shows the list of identified annoying advert requests that were blocked shows.

So far I did configure my PiHole DNS server within my Chrome browser so that the browser cant load those annoying domains anymore. This worked like a charm, until quite recently Google updated Chrome browser to only allow a ‘secured DNS connection’ which actually seems a bit of a trojan horse for their own ads...

OpenTelemetry Astroshop Simulator

Astroshop is a great way of testing and running a demo scenario that offers with a large spectrum of technologies, services and a realistic problem scenario of running a real shop in serverless or Kubernetes infrastructure.

Besides, Astroshop being a great way to demo and test observability platforms such as Dynatrace and to run problem scenarios on demand, its also a bit cumbersome to deploy it for testing purposes. Imagine that you are a local developer that just needs to quickly run a test for a new feature using OTel traces and spans. Deploying Astroshop or any other scenario always comes...

Unnecessarily Complicated Kitchen – Die Wissenschaft des guten Geschmacks (39c3)

In unserer „Unnecessarily Complicated Kitchen“ hacken wir die Gesetze der Kulinarik. Ich zeige live, wie Hitze, Chemie und Chaos zusammenwirken, wenn Moleküle tanzen, Dispersionen emulgieren und Geschmack zu Wissenschaft wird. Zwischen Pfanne und Physik entdecken wir, warum Kochen im Grunde angewandtes Debugging ist – und wie man Naturgesetze so würzt, dass sie schmecken. Willkommen in der „Unnecessarily Complicated Kitchen“ – einer Küche, in der Naturwissenschaft, Technik und kulinarisches Chaos aufeinandertreffen. Wir sezieren das Kochen aus der Perspektive von Hacker*innen: Warum Hitzeübertragung ein deinen Tschunk kühlt, warum Emulsionen wie BGP funktionieren und wie sich die Kunst des...

51 Ways to Spell the Image Giraffe: (39c3)

Generative AI models don't operate on human languages – they speak in **tokens**. Tokens are computational fragments that deconstruct language into subword units, stored in large dictionaries. These tokens encode not only language but also political ideologies, corporate interests, and cultural biases even before model training begins. Social media handles like *realdonaldtrump*, brand names like *louisvuitton*, or even *!!!!!!!!!!!!!!!!* exist as single tokens, while other words remain fragmented. Through various artistic and adversarial experiments, we demonstrate that tokenization is a political act that determines what can be represented and how images become computable through...

When Vibe Scammers Met Vibe Hackers: Pwning PhaaS with Their Own Weapons (39c3)

What happens when AI-powered criminals meet AI-powered hunters? A technical arms race where both sides are vibing their way through exploitation—and the backdoors write themselves. In October 2025, we investigated Taiwan's fake delivery scam ecosystem targeting convenience store customers. What started as social engineering on social media became a deep dive into two distinct fraud platforms—both bearing the unmistakable fingerprints of AI-generated code. Their developers left more than just bugs: authentication flaws, file management oversights, and database implementations that screamed "I asked LLM and deployed without reading." We turned their sloppiness into weaponized OSINT. Through...

Prometheus: Reverse-Engineering Overwatch (39c3)

This talk explores the internals of Overwatch which make the game work under the hood. The end goal is to democratise development of Overwatch. Being able to host your own servers and modify the game client to your liking should not be up for discussion for a game many people have paid money for. Hey you! Yes you! Do you want to pay for a game which gets forcibly taken away from you after only six years? Do you want to buy lootboxes in order to unlock cosmetics faster in the game you „own“? Overwatch 1...

Machine Vision (39c3)

Milliarden von Kameras produzieren täglich Bilder, die zunehmend von Maschinen analysiert werden. In dieser Lecture Performance beleuchten wir die Entwicklung des maschinellen Sehens – von den frühen algorithmischen Ansätzen bis zu den heutigen Anwendungen – und schauen, wie verschiedene Künstler:innen diese Technologien nutzen und reflektieren. Anhand der beiden Arbeiten „Throwback Environment” und „Fomes Fomentarius Digitalis” betrachten wir die Nutzung des maschinellen Sehens in einem künstlerischen Feedback-Loop. Die Arbeiten machen sichtbar, was die eingesetzten Algorithmen sehen und in welchen Mustern sie operieren. Unmengen an Bilder werden Täglich in die Netzwerke hochgeladen. Doch nicht nur Menschen betrachten...