Like each year, the infrastructure review talks about how congress works and the
people who make it work. I love watching these, I loved being an Angel when
I was there, and I really like learning about the parts of organizing I didn't
know about. This time it's a bit rushed unfortunately but it's still a nice talk
---
[A dozen more things you didn't know Nextcloud could do](https://media.ccc.de/v/36c3-oio-160-a-dozen-more-things-you-didn-t-know-nextcloud-could-do) ⭐⭐
Good talk on Nextcloud. Starts talking about the cloud in general and data
privacy and stuff like that, then presents upcoming and existing features of
Nextcloud, many of which I didn't know were there
---
[a home among the stars: Galina Balashova, architect of the soviet space programme](https://media.ccc.de/v/36c3-oio-201-a-home-among-the-stars-galina-balashova-architect-of-the-soviet-space-programme) ⭐⭐⭐⭐
Great presentation of the Soviet space program interior design and of the
history of the person who designed all of it, Galina Balashova. I was riveted
---
[All wireless communication stacks are equally broken](https://media.ccc.de/v/36c3-10531-all_wireless_communication_stacks_are_equally_broken) ⭐⭐
Review of vulnerabilities in various wireless communications stacks. A bit light
imo, and a bit hard to follow, but a good reminder that you shouldn't trust
these
---
[A systematic evaluation of OpenBSD's mitigations](https://media.ccc.de/v/36c3-10519-a_systematic_evaluation_of_openbsd_s_mitigations) ⭐⭐⭐⭐
Ah, the infamous OpenBSD talk! Very interesting, honestly, most of the points
are very true and need to be fixed. I found he nitpicked a little bit though,
and he was kinda aggressive and not very sociable ("I haven't interacted with
the OpenBSD community once"), and then he seems kinda surprised not to have
received a warm welcome. That being said, the talk is very informative and does
contain a lot of very worrying information and valid criticism
---
Your bootloader, it's been a while since you thought about it too much, huh?
Well, it's a critical component of the security chain of trust, and they're...
really bad. This talk explores exactly how bad they are.
---
[DC/DC Converters: Everything You Wanted To Know About Them](https://media.ccc.de/v/36c3-134-dc-dc-converters-everything-you-wanted-to-know-about-them) ⭐⭐⭐⭐
I approached this thinking "Everything I want to know about DC/DC converters?
uh... I can't think of a thing..." and left with a better understanding of power
supplies and a now-satisfied curiosity for electronics. Good talk!
---
[Don't Ruck Us Too Hard - Owning Ruckus AP Devices](https://media.ccc.de/v/36c3-10816-don_t_ruck_us_too_hard_-_owning_ruckus_ap_devices) ⭐⭐⭐
Classic junk hacking, still pretty fun to watch and examine
---
[Hacking (with) a TPM](https://media.ccc.de/v/36c3-10564-hacking_with_a_tpm) ⭐⭐⭐⭐⭐
Great talk about how TPMs work, how we can actually use them from Linux, what we
can do with them... Wanted to learn about TPMs for years, this gave me exactly
what I wanted.
---
[Hacking Sony PlayStation Blu-ray Drives](https://media.ccc.de/v/36c3-10567-hacking_sony_playstation_blu-ray_drives) ⭐⭐⭐
Interesting subject and great research, pretty old stuff by now though and the
talk itself isn't that good (mostly reading his slides, stuff like that).
---
[How to Break PDFs](https://media.ccc.de/v/36c3-10832-how_to_break_pdfs) ⭐⭐⭐⭐
Fun talk about design problems in the PDF standard that allow for forged
signatures and stuff like that.
---
[Infrastructure of Wikipedia](https://media.ccc.de/v/36c3-73-infrastructure-of-wikipedia) ⭐⭐⭐⭐
Had no idea how Wikipedia was run infrastructure-wise, this is a comprehensive
explanation of just that. Very surprised by how small their operation is given
the scale of Wikipedia.
---
[Intel Management Engine deep dive](https://media.ccc.de/v/36c3-10694-intel_management_engine_deep_dive) ⭐⭐⭐⭐
Missed all the previous Intel ME talks at congress, so this was a good
refresher. It's an impressive talk from a technical point of view, and very
informative too
---
[It's not safe on the streets... especially for your 3DS!](https://media.ccc.de/v/36c3-10796-it_s_not_safe_on_the_streets_especially_for_your_3ds) ⭐⭐⭐⭐
Very cool talk on the Streetpass protocol, how it works, and how it's
exploitable. Definitely makes me wanna experiment with my 3DS again! (oops,
I forgot to play the games 😩)
---
[KTRW: The journey to build a debuggable iPhone](https://media.ccc.de/v/36c3-10806-ktrw_the_journey_to_build_a_debuggable_iphone) ⭐⭐⭐⭐⭐
iOS exploitation is always really cool. iOS kernel exploitation is even cooler.
Using that to make a step-by-step debuggable iPhone, with a demo on-stage?
Amazing. Admitting your exploit has been redundant/outdated since right before
you released it and all that work could have been avoided, with a smile?
Priceless
---
[Look at ME! - Intel ME Investigation](https://media.ccc.de/v/36c3-149-look-at-me-intel-me-investigation) ⭐⭐⭐⭐
Good overview of what you missed in the previous ME talk (and also really helps
understanding that other talk, you should watch this one first!). No reverse
engineering has been performed in the making of this presentation, of course
---
[Messenger Hacking: Remotely Compromising an iPhone through iMessage](https://media.ccc.de/v/36c3-10497-messenger_hacking_remotely_compromising_an_iphone_through_imessage) ⭐⭐⭐⭐
Another iOS exploitation talk, this time 0 interaction, with memory corruption
through what's essentially text messages? Really cool
---
[No Body's Business But Mine, a dive into Menstruation Apps](https://media.ccc.de/v/36c3-10693-no_body_s_business_but_mine_a_dive_into_menstruation_apps) ⭐⭐⭐⭐
Important research on menstruation apps data sharing (mal)practices. Pretty good
talk too, a bit light on the research but it's cool that they contacted and got
an answer from the companies in question.
---
[Plundervolt: Flipping Bits from Software without Rowhammer](https://media.ccc.de/v/36c3-10883-plundervolt_flipping_bits_from_software_without_rowhammer) ⭐⭐⭐⭐⭐
I love hardware attacks and fault injection attacks, this is a hardware attack
using fault injection all from software. It's great. It's not very practical,
and the target is pretty small, but it's really amazing to learn about, and the
presentation is great too
---
[Practical Cache Attacks from the Network and Bad Cat Puns](https://media.ccc.de/v/36c3-10884-practical_cache_attacks_from_the_network_and_bad_cat_puns) ⭐⭐⭐⭐
Yay, yet another CPU cache attack! And this one is over the network too, which
is way broader in application than the previous examples! Very good technical
talk.
---
[Refactoring qaul.net in Rust (Internet independent mesh communication App)](https://media.ccc.de/v/36c3-oio-143-refactoring-qaul-net-in-rust-internet-independent-mesh-communication-app-) ⭐⭐⭐⭐⭐
I love hearing about alternative communication platforms, and I love the ones
that don't depend on a centralized or even federated infrastructure (we're gonna
need them after the end of capitalism when we're reducing our collective energy
consumption). This is about just that, and it's fun, and my friend is speaking
too so.
---
[SELECT code_execution FROM * USING SQLite;](https://media.ccc.de/v/36c3-10701-select_code_execution_from_using_sqlite) ⭐⭐⭐⭐
Is SQLite secure? It's software so obviously not, but how insecure is it? This
talk goes into how to corrupt memory in SQLite, and that's pretty good given the
number of things that use it.
---
[SIM card technology from A-Z](https://media.ccc.de/v/36c3-10737-sim_card_technology_from_a-z) ⭐⭐⭐⭐
Smartcards are cool. SIM Cards are cool! I love learning about stuff like that
where there's not a lot of (publicly-available) documentation and it's hard to
experiment by yourself, and this goes into great detail
---
[Server Infrastructure for Global Rebellion](https://media.ccc.de/v/36c3-11008-server_infrastructure_for_global_rebellion) ⭐⭐⭐⭐⭐⭐⭐⭐⭐⭐
Probably the most important talk of 36c3 in my opinion. Too many
activist/political groups don't think nearly enough about infrastructure and
security, and act as if talking openly was fine and no one was spying on them.
Guess what.
There's also a shortage of politically-invested systems and network admins, and
we need more, we need way more. The distributed architecture of the system
that's presented here, with the implicit transfer of knowledge that goes with
it, is incredibly good and very effective against getting compromised.
I'll leave the rest for you to discover in the talk, but definitely watch
it.
Be warned though, the first... maybe 20 minutes? are not about infrastructure,
they're about global warming. And while this is a very important topic it can
also be very overwhelming (and it definitely is here), so you might want to skip
that if it makes you anxious. Otherwise, be prepared.
---
[Storing energy in the 21st century](https://media.ccc.de/v/36c3-157-storing-energy-in-the-21st-centruy) ⭐⭐⭐
Everything you've ever wanted to know about batteries. Unfortunately cut a bit
short at the end because of poor time management, but still.
---
A very British talk about an old RISC computer? I'm here for it.
---
[The challenges of Protected Virtualization](https://media.ccc.de/v/36c3-107-the-challenges-of-protected-virtualization) ⭐⭐
This one presents the concept of an Ultravisor, some sort of more privileged
hypervisor that would enable VMs that are protected from the host. I'm not
really convinced honestly but go give it a listen to make up your own mind
---
[The sustainability of safety, security and privacy](https://media.ccc.de/v/36c3-10924-the_sustainability_of_safety_security_and_privacy) ⭐⭐⭐
It's hard to patch things for a long time, and yet we're going to have to start
because we need to start being <strike>more</strike> sustainable.
---
[The technical is political – tech’s role in oppression and what technicians can do against it](https://media.ccc.de/v/36c3-150-the-technical-is-political-tech-s-role-in-oppression-and-what-technicians-can-do-against-it) ⭐⭐⭐⭐
This one may be a bit obvious, honestly, but it's still good and important to
see these things said at a hacker forum like congress is, and they aren't told
---
Fault injection is fun! Fault injection is cool, and that's what he's doing
here with very precisely timed undervoltage (he's got a cute little device to
help too). Also gives all the context you need, good talk
---
[Uncover, Understand, Own - Regaining Control Over Your AMD CPU](https://media.ccc.de/v/36c3-10942-uncover_understand_own_-_regaining_control_over_your_amd_cpu) ⭐⭐⭐⭐
The Intel ME talk, but about the AMD PSP. They reverse-engineered it pretty
well, and explain not only how it works but also how they reimplemented part of
the firmware and a userland proxy too.
---
[Understanding millions of gates](https://media.ccc.de/v/36c3-10976-understanding_millions_of_gates) ⭐⭐⭐⭐⭐
Very interesting talk, about reverse engineering integrated circuits from
pictures of the chip surface. Hardware reverse-engineering and amazing-looking
graphs get a thumbs-up from me
---
[What the World can learn from Hongkong](https://media.ccc.de/v/36c3-10933-what_the_world_can_learn_from_hongkong) ⭐⭐⭐⭐⭐
I was a bit wary of this one because western liberals love to use revolts in
foreign countries as examples that liberalism is so good. But this talk is
politically well thought-out, and it has a lot of very good protest tactics
suggestions. Good stuff here too
---
[What's left for private messaging?](https://media.ccc.de/v/36c3-10565-what_s_left_for_private_messaging) ⭐
Secure messaging rehash of old debates, the threat modelling is always the same
(the state or a state-like actor is spying on you), not much usability concern,