WHY2025 wiki - User contributions [en]

Session:KubeVenom

2025-08-09T00:52:01Z

War3nd0z:

{{Session
|Has session tag=kubernetes, cloud, hacking, pipelines, Azure, Go, C2
|Has signup=No
|Is for kids=No
|Is for age range=16+
|Has description=Talk about building a C2 framework for attacking kubernetes, pipelines and cloud environments
|Has website=https://wiki.why2025.org/Village:Green_Ninjas
|Has session type=Talk
|Has session keywords=software
|Processed by village=Green Ninjas
|Is organized by=War3nd0z
|Held in language=en - English, nl - Dutch
}}
{{Event
|Has start time=2025-08-11 16:00:00
|Has duration=30
}}

Session:KubeVenom

2025-08-09T00:49:17Z

War3nd0z:

{{Session
|Has session tag=kubernetes, cloud, hacking, pipelines, Azure, Go, C2
|Has signup=No
|Is for kids=No
|Is for age range=16+
|Has description=Talk about building a C2 framework for attacking kubernetes, pipelines and cloud environments
|Has website=https://wiki.why2025.org/Village:Green_Ninjas
|Has session type=Talk
|Has session keywords=software
|Processed by village=Green Ninjas
|Held in language=en - English, nl - Dutch
}}
{{Event
|Has start time=2025-08-11 16:00:00
|Has duration=30
}}

Session:KubeVenom

2025-08-08T22:32:50Z

War3nd0z:

{{Session
|Has session tag=kubernetes, cloud, hacking, pipelines, Azure, Go, C2
|Has signup=No
|Is for kids=No
|Is for age range=16+
|Has description=Talk about building a tool for hacking kubernetes, pipelines and cloud environments
|Has website=https://wiki.why2025.org/Village:Green_Ninjas
|Has session type=Talk
|Has session keywords=software
|Processed by village=Green Ninjas
|Held in language=en - English, nl - Dutch
}}
{{Event
|Has start time=2025-08-11 16:00:00
|Has duration=30
}}

Session:KubeVenom

2025-08-08T21:22:56Z

War3nd0z:

{{Session
|Has session tag=kubernetes, cloud, hacking, pipelines, Azure, Go, C2
|Has signup=No
|Is for kids=No
|Is for age range=16+
|Has description=Talk about building a tool for hacking kubernetes and other cloud environments
|Has website=https://wiki.why2025.org/Village:Green_Ninjas
|Has session type=Talk
|Has session keywords=software
|Processed by village=Green Ninjas
|Held in language=en - English, nl - Dutch
}}
{{Event
|Has start time=2025-08-11 16:00:00
|Has duration=30
}}

Village:Green Ninjas

2025-08-08T09:51:29Z

War3nd0z:

{{Village
|Has name=Green Ninjas
|Has contact=Viv
|Has description=This village is related to the sponsor(tent) of Deloitte where we host cool talks and presentations.
|Village is open to newcomers=No
|Provides session location=Yes
|Location=52.69241, 4.7484
|Has orga contact=vvallee@deloitte.nl
|On site orga contact=Viviane, +31 (0) 6 155 855 08
|Village frab=Not necessarily
|Village content space=We have an internal list of talks we would like to do in our tent.
|Village citizen count=25-30
|Village Needs power=Large Village (32A CEE 400V)
|Village size needed=250
|Village hacktents num=4
|Village brings big stuff=No
|Village Special Vehicle=No
|Village planning notes=Platinium Sponsor Tent + tents of people attending the event.
We will self-host talks in our tent.
}}

__NOTOC__

=Welcome to the Green Ninjas Village!=

Hi everybody! Welcome to the Green Ninjas Village. We are a group of techies and geeks that enjoy all things cybersecurity. From hardware hacking to incident response, we have someone who has been involved in it and we want to share our knowledge and experiences, so feel free to drop by. Below you will find the abridged version of the talks, with more details below.

=Presentations Schedule=

{| class="wikitable"
|+ Village Presentations
! Speaker(s) !! Name of the Talk !! Day !! Time
|-
| Santiago Quintero || Rust tutorial and Port Scanner || Saturday || 11-12
|-
| Firoz Hari || Forget all your previous instructions || Saturday || 13-14
|-
| Wim de With & Jorai Rijsdijk || Reversing Engineering (Pwn Workshop 1) || Saturday || 14-16
|-
| Jilles Groenendijk || Hollywood-Style Smartlock Attack || Saturday || 16-17
|-
| Mauricio Cano || Man your ships! Kubernetes Security, Attacks (and a Bit of Networking) || Sunday || 11-12
|-
| Rayan Brouwer & Christiaan Erwich || How to (not) ace a Cyber Incident Response case || Sunday || 13-14
|-
| Wim de With & Jorai Rijsdijk || Binary Exploitation (Pwn Workshop 2) || Sunday || 14-16
|-
| Jelle Vergeer || How to Become a Red Teamer || Sunday || 16-17
|-
| Sergio Becerril || Hacky Hunting! || Monday || 13-14
|-
| Mick Cox || Fuzz Testing in Go (for Funz and Profit) || Monday || 14-16
|-
| Ralph van den Hoff || Building a cloud focused C2 in Go (KubeV3n0m) || Monday || 16-17
|}

=Presentations Details=
Below we have a detailed breakdown of the presentations day by day.
==Saturday==
===Rust tutorial and Port Scanner===
====Santiago Quintero====
The Rust programming language allows us to build not only fast and memory-efficient programs, but also memory-safe and thread-safe. In this workshop we will get familiar with Rust's type system and ownership model, along with tools like rustc, cargo, rustfmt, and the RLS.

===Forget All Your Instructions!===
====Firoz Hari====
This talk is an intro to some techniques used when performing prompt injection. It also goes over briefly the OWASP Top 10 LLM as well as some of useful resources when pen-testing an LLM implementation. There is a hands on lab to try out the different techniques learnt.

===Reversing Engineering (Pwn Workshop 1)===
====Wim de With & Jorai Rijsdijk====
Do you live with the following questions? What is assembly? How do you read assembly? What is a decompiler? How do you use radare and Ghidra? Join the workshop with interactive challenges.

===Hollywood-Style Smartlock Attack===
====Jilles Groenendijk====
In this lecture Jilles wil introduce you to his world of Hardware Hacking.

Inspired by Hollywood blockbusters such as the Wargames he will take you on his journey to see if he is able to recreate such spectacular attacks.

And while doing so, he will explain the steps required to do hardware hacking and what tools are required.

The big question is: Are these attacks even possible?

Attend this session and you will find out!

==Sunday==
===Man your ships! Kubernetes Security, Attacks (and a Bit of Networking)===
====Mauricio Cano====

Have you ever wondered how Kubernetes attacks path look like in actual practice? A lot of of presentations warn about the risks of privileged containers, read-write filesystems, mounting drives and storages, but in a lot of cases they never really show you, in a terminal, how those attacks look like. In this presentation we will explain a bit of the Kubernetes architecture and we will show attack paths look like from the perspective of an actual hacker finding a vulnerable container in the cluster and what you can do about it.

===How to (not) ace a Cyber Incident Response case===
====Rayan Brouwer & Christiaan Erwich====
In this presentation we will solve a real Cyber Incident Response (CIR) case together with the audience. We will present a CIR scenario, give tips and tricks on the way of working and involve the audience interactively to solve the case. Will the audience come up with the same response as the CIR team? The presentation is intended for both a technical and non-technical audience.

===Binary Exploitation (Pwn Workshop 2)===
====Wim de With & Jorai Rijsdijk====
From crash to control: how can we exploit buffer overflows? Are your hands itching to do something with your newfound reverse engineering skills? Join the workshop with interactive challenges!

===How to Become a Red Teamer===
====Jelle Vergeer====
In this presentation, Jelle, a seasoned red teamer, will be talking about his experiences and the provide a bit of context and stories of how he became one and what his role is in the team.

==Monday==
===Hacky Hunting!===
====Sergio Becerril====
Hacking is all about making the most of what you have. In this talk I will be discussing a few select topics on how we hack our way into threat hunting.

===Fuzz Testing in Go (for Funz and Profit)===
====Mick Cox====
Fuzz Testing is an often overlooked method automated security, reliability and performance testing in development teams (and offensive teams?). Since version 1.18 (2022), native fuzzing capability was added to the Go standard library. In this tutorial we will take a look at what is provided in the fuzzing library, how to use it and how to apply it to fund bugs (or vulnerabilities) in your favorite apps! - Basic knowledge of the Go programming language will be assumed. To participate, please bring a computer with the Go environment installed.

=== Building a cloud focused C2 in Go (KubeV3n0m)===
====Ralph van den Hoff====
KubeV3n0m is a passion project born out of different offensive security projects related to Kubernetes and Cloud. The presentation is a small update on the current state of the project and goals, as well as to showcase some of its functionalities.

Village:Green Ninjas

2025-08-08T09:50:26Z

War3nd0z:

{{Village
|Has name=Green Ninjas
|Has contact=Viv
|Has description=This village is related to the sponsor(tent) of Deloitte where we host cool talks and presentations.
|Village is open to newcomers=No
|Provides session location=Maybe
|Location=52.69241, 4.7484
|Has orga contact=vvallee@deloitte.nl
|On site orga contact=Viviane, +31 (0) 6 155 855 08
|Village frab=Not necessarily
|Village content space=We have an internal list of talks we would like to do in our tent.
|Village citizen count=25-30
|Village Needs power=Large Village (32A CEE 400V)
|Village size needed=250
|Village hacktents num=4
|Village brings big stuff=No
|Village Special Vehicle=No
|Village planning notes=Platinium Sponsor Tent + tents of people attending the event.
We will self-host talks in our tent.
}}

__NOTOC__

=Welcome to the Green Ninjas Village!=

Hi everybody! Welcome to the Green Ninjas Village. We are a group of techies and geeks that enjoy all things cybersecurity. From hardware hacking to incident response, we have someone who has been involved in it and we want to share our knowledge and experiences, so feel free to drop by. Below you will find the abridged version of the talks, with more details below.

=Presentations Schedule=

{| class="wikitable"
|+ Village Presentations
! Speaker(s) !! Name of the Talk !! Day !! Time
|-
| Santiago Quintero || Rust tutorial and Port Scanner || Saturday || 11-12
|-
| Firoz Hari || Forget all your previous instructions || Saturday || 13-14
|-
| Wim de With & Jorai Rijsdijk || Reversing Engineering (Pwn Workshop 1) || Saturday || 14-16
|-
| Jilles Groenendijk || Hollywood-Style Smartlock Attack || Saturday || 16-17
|-
| Mauricio Cano || Man your ships! Kubernetes Security, Attacks (and a Bit of Networking) || Sunday || 11-12
|-
| Rayan Brouwer & Christiaan Erwich || How to (not) ace a Cyber Incident Response case || Sunday || 13-14
|-
| Wim de With & Jorai Rijsdijk || Binary Exploitation (Pwn Workshop 2) || Sunday || 14-16
|-
| Jelle Vergeer || How to Become a Red Teamer || Sunday || 16-17
|-
| Sergio Becerril || Hacky Hunting! || Monday || 13-14
|-
| Mick Cox || Fuzz Testing in Go (for Funz and Profit) || Monday || 14-16
|-
| Ralph van den Hoff || Building a cloud focused C2 in Go (KubeV3n0m) || Monday || 16-17
|}

=Presentations Details=
Below we have a detailed breakdown of the presentations day by day.
==Saturday==
===Rust tutorial and Port Scanner===
====Santiago Quintero====
The Rust programming language allows us to build not only fast and memory-efficient programs, but also memory-safe and thread-safe. In this workshop we will get familiar with Rust's type system and ownership model, along with tools like rustc, cargo, rustfmt, and the RLS.

===Forget All Your Instructions!===
====Firoz Hari====
This talk is an intro to some techniques used when performing prompt injection. It also goes over briefly the OWASP Top 10 LLM as well as some of useful resources when pen-testing an LLM implementation. There is a hands on lab to try out the different techniques learnt.

===Reversing Engineering (Pwn Workshop 1)===
====Wim de With & Jorai Rijsdijk====
Do you live with the following questions? What is assembly? How do you read assembly? What is a decompiler? How do you use radare and Ghidra? Join the workshop with interactive challenges.

===Hollywood-Style Smartlock Attack===
====Jilles Groenendijk====
In this lecture Jilles wil introduce you to his world of Hardware Hacking.

Inspired by Hollywood blockbusters such as the Wargames he will take you on his journey to see if he is able to recreate such spectacular attacks.

And while doing so, he will explain the steps required to do hardware hacking and what tools are required.

The big question is: Are these attacks even possible?

Attend this session and you will find out!

==Sunday==
===Man your ships! Kubernetes Security, Attacks (and a Bit of Networking)===
====Mauricio Cano====

Have you ever wondered how Kubernetes attacks path look like in actual practice? A lot of of presentations warn about the risks of privileged containers, read-write filesystems, mounting drives and storages, but in a lot of cases they never really show you, in a terminal, how those attacks look like. In this presentation we will explain a bit of the Kubernetes architecture and we will show attack paths look like from the perspective of an actual hacker finding a vulnerable container in the cluster and what you can do about it.

===How to (not) ace a Cyber Incident Response case===
====Rayan Brouwer & Christiaan Erwich====
In this presentation we will solve a real Cyber Incident Response (CIR) case together with the audience. We will present a CIR scenario, give tips and tricks on the way of working and involve the audience interactively to solve the case. Will the audience come up with the same response as the CIR team? The presentation is intended for both a technical and non-technical audience.

===Binary Exploitation (Pwn Workshop 2)===
====Wim de With & Jorai Rijsdijk====
From crash to control: how can we exploit buffer overflows? Are your hands itching to do something with your newfound reverse engineering skills? Join the workshop with interactive challenges!

===How to Become a Red Teamer===
====Jelle Vergeer====
In this presentation, Jelle, a seasoned red teamer, will be talking about his experiences and the provide a bit of context and stories of how he became one and what his role is in the team.

==Monday==
===Hacky Hunting!===
====Sergio Becerril====
Hacking is all about making the most of what you have. In this talk I will be discussing a few select topics on how we hack our way into threat hunting.

===Fuzz Testing in Go (for Funz and Profit)===
====Mick Cox====
Fuzz Testing is an often overlooked method automated security, reliability and performance testing in development teams (and offensive teams?). Since version 1.18 (2022), native fuzzing capability was added to the Go standard library. In this tutorial we will take a look at what is provided in the fuzzing library, how to use it and how to apply it to fund bugs (or vulnerabilities) in your favorite apps! - Basic knowledge of the Go programming language will be assumed. To participate, please bring a computer with the Go environment installed.

=== Building a cloud focused C2 in Go (KubeV3n0m)===
====Ralph van den Hoff====
KubeV3n0m is a passion project born out of different offensive security projects related to Kubernetes and Cloud. The presentation is a small update on the current state of the project and goals, as well as to showcase some of its functionalities.

User:War3nd0z

2025-07-30T16:35:06Z

War3nd0z:

{{UserInfo
|Bringing=2x EvilCrow RF, HP Proliant Server
|Village=Village:Green Ninjas
|Languages=EN
|NickName={{PAGENAME}}
}}

Village:Green Ninjas

2025-07-30T16:30:36Z

War3nd0z:

{{Village
|Has name=Green Ninjas
|Has contact=Viv
|Has description=This village is related to the sponsor(tent) of Deloitte where we host cool talks and presentations.
|Village is open to newcomers=Yes
|Provides session location=Maybe
|Location=52.69241, 4.7484
|Has orga contact=vvallee@deloitte.nl
|On site orga contact=Viviane, +31 (0) 6 155 855 08
|Village frab=Not necessarily
|Village content space=We have an internal list of talks we would like to do in our tent.
|Village citizen count=25-30
|Village Needs power=Large Village (32A CEE 400V)
|Village size needed=250
|Village hacktents num=4
|Village brings big stuff=No
|Village Special Vehicle=No
|Village planning notes=Platinium Sponsor Tent + tents of people attending the event.
We will self-host talks in our tent.
}}

__NOTOC__

=Welcome to the Green Ninjas Village!=

Hi everybody! Welcome to the Green Ninjas Village. We are a group of techies and geeks that enjoy all things cybersecurity. From hardware hacking to incident response, we have someone who has been involved in it and we want to share our knowledge and experiences, so feel free to drop by. Below you will find the abridged version of the talks, with more details below.

=Presentations Schedule=

{| class="wikitable"
|+ Village Presentations
! Speaker(s) !! Name of the Talk !! Day !! Time
|-
| Santiago Quintero || Rust tutorial and Port Scanner || Saturday || 11-12
|-
| Firoz Hari || Forget all your previous instructions || Saturday || 13-14
|-
| Wim de With & Jorai Rijsdijk || Reversing Engineering (Pwn Workshop 1) || Saturday || 14-16
|-
| Jilles Groenendijk || Hollywood-Style Smartlock Attack || Saturday || 16-17
|-
| Mauricio Cano || Man your ships! Kubernetes Security, Attacks (and a Bit of Networking) || Sunday || 11-12
|-
| Rayan Brouwer & Christiaan Erwich || How to (not) ace a Cyber Incident Response case || Sunday || 13-14
|-
| Wim de With & Jorai Rijsdijk || Binary Exploitation (Pwn Workshop 2) || Sunday || 14-16
|-
| Jelle Vergeer || How to Become a Red Teamer || Sunday || 16-17
|-
| Sergio Becerril || Hacky Hunting! || Monday || 13-14
|-
| Mick Cox || Fuzz Testing in Go (for Funz and Profit) || Monday || 14-16
|-
| Ralph van den Hoff || Building a cloud focused C2 in Go (KubeV3n0m) || Monday || 16-17
|}

=Presentations Details=
Below we have a detailed breakdown of the presentations day by day.
==Saturday==
===Rust tutorial and Port Scanner===
====Santiago Quintero====
The Rust programming language allows us to build not only fast and memory-efficient programs, but also memory-safe and thread-safe. In this workshop we will get familiar with Rust's type system and ownership model, along with tools like rustc, cargo, rustfmt, and the RLS.

===Forget All Your Instructions!===
====Firoz Hari====
This talk is an intro to some techniques used when performing prompt injection. It also goes over briefly the OWASP Top 10 LLM as well as some of useful resources when pen-testing an LLM implementation. There is a hands on lab to try out the different techniques learnt.

===Reversing Engineering (Pwn Workshop 1)===
====Wim de With & Jorai Rijsdijk====
Do you live with the following questions? What is assembly? How do you read assembly? What is a decompiler? How do you use radare and Ghidra? Join the workshop with interactive challenges.

===Hollywood-Style Smartlock Attack===
====Jilles Groenendijk====

==Sunday==
===Man your ships! Kubernetes Security, Attacks (and a Bit of Networking)===
====Mauricio Cano====

===How to (not) ace a Cyber Incident Response case===
====Rayan Brouwer & Christiaan Erwich====
In this presentation we will solve a real Cyber Incident Response (CIR) case together with the audience. We will present a CIR scenario, give tips and tricks on the way of working and involve the audience interactively to solve the case. Will the audience come up with the same response as the CIR team? The presentation is intended for both a technical and non-technical audience.

===Binary Exploitation (Pwn Workshop 2)===
====Wim de With & Jorai Rijsdijk====
From crash to control: how can we exploit buffer overflows? Are your hands itching to do something with your newfound reverse engineering skills? Join the workshop with interactive challenges!

===How to Become a Red Teamer===
====Jelle Vergeer====
In this presentation, Jelle, a seasoned red teamer, will be talking about his experiences and the provide a bit of context and stories of how he became one and what his role is in the team.

==Monday==
===Hacky Hunting!===
====Sergio Becerril====
In this talk,Sergio will provide an introduction to threat hunting and how it can help you catch your attackers before they even start exploiting your network!

===Fuzz Testing in Go (for Funz and Profit)===
====Mick Cox====
Fuzz Testing is an often overlooked method automated security, reliability and performance testing in development teams (and offensive teams?). Since version 1.18 (2022), native fuzzing capability was added to the Go standard library. In this tutorial we will take a look at what is provided in the fuzzing library, how to use it and how to apply it to fund bugs (or vulnerabilities) in your favorite apps! - Basic knowledge of the Go programming language will be assumed. To participate, please bring a computer with the Go environment installed.

=== Building a cloud focused C2 in Go (KubeV3n0m)===
====Ralph van den Hoff====
KubeV3n0m is a passion project born out of different offensive security projects related to Kubernetes and Cloud. The presentation is a small update on the current state of the project and goals, as well as to showcase some of its functionalities.

User:War3nd0z

2025-07-29T08:13:14Z

War3nd0z:

{{UserInfo
|Village=Village:Green Ninjas
|Languages=EN
|NickName={{PAGENAME}}
}}

User:War3nd0z

2025-07-29T08:07:00Z

War3nd0z: create user page

{{UserInfo
|NickName={{PAGENAME}}
|Languages=EN
|HackerSpace=
}}