Speakers // PHREAKNIC 26

Altk3y

Talk: From Israel with Love: Stealing Stolen Code, Grey Market Tech, and DOOMing Forensics Investigations on a Budget

The year is 2025, privacy is scarce, our data is everywhere, and our phones know more about us than we do. What would someone see if they got your phone somehow? How would the data they see change if they had access to better equipment? Would you like to replicate that equipment? Can we ever leave our phones unattended at PhreakNIC again? This talk is about one of the most infamous mobile forensics devices, obtaining these devices, what they can do, and how to replicate that functionality using open source projects that deserved a lot more love than they got. We’ll also take a look at how to protect yourself against these tools, the adversaries that use these tools, and the traces they leave behind when they do. Finally, we’ll look at the vulnerabilities inherent in these devices and how to get some unintended functionality from them.

Bio: Altk3y is a Problem as a Service (PaaS) and can’t turn down a side quest. By day, she is a Cloud Security Engineer, by night she’s cramming DOOM in places it was never meant to go and cracking dad jokes on the CounterSurveil Podcast. Her experience spans from creating patented security tech for start ups to mentoring young professionals through ISSA @ KSU. Please ask her about her lord and savior, Linux.

Bonnie

Talk: Recipes for Ruin - Cooking the Books and How to Save the Meal

Real-life stories about the detection and prevention of financial losses by Bonnie Pappin, accountant and productivity promoter. Listen to tales of financial and reputational ruin while learning how to reduce your organizations risk of loss.

Bio: Bonnie Is a California girl who ran away to Australia at the age of 18. After a long career in the Queensland Government as a public servant, in corrections and education, she moved to Tennessee after retirement to be nearer to her adult children and grandchildren. She is now working for the Sumner County School Nutrition program as a financial analyst. She earned a Bachelor of Business (Professional Accounting) with a minor in End-User Computing from the University of Southern Queensland and is approaching her 20th anniversary as a member of the Certified Practicing Accountant Association of Australia.
Bonnie’s career in finance has included systems appraisals, training, and auditing with a passion for reducing human effort and preventing financial loss. She will be sharing stories and techniques for the prevention and detection of cooked books.

brimstone

Talk: How to Brew Your Own AI Slop at Home

You are an excellent presenter able to address newbies as well as provide content interesting to seasoned experts. Write a description of a presentation on creating AI content, both written and visual, with personally owned hardware and open source software. Attendees should walk away knowing how to get going with local AI models for text and image generation on hardware they already own.

Bio: Armchair architect × Agent of creativity & humor × Future compatible × Sysadmin finding poetry in code × AGPLv3 enthusiast × Timezone believer × he/him

Mastodon: @brimstone@mastodon.social

Corgi

Talk: Who Queries the Query?

We’ll cover GraphQL basics like schema, resolvers, and types. Then we’ll review real bugs found in the wild, exploiting common GraphQL issues like re:re:re:re:recursion, authorization bypasses, and logic flaws to do things like cut cart prices at checkout and pulled hidden sales reports. You’ll leave with a better understanding of GraphQL and how to start poking and prodding at it.

Bio: Cori Macy helps manage the penetration testing team at LBMC, where she conducts offensive security operations against internal networks, cloud infrastructure, and physical environments. Her work is focused on identifying practical attack paths and validating risk through controlled exploitation. Outside of work, Cori is focused on creating communities where hackers can share research and network. She has presented on topics like access control evasion, social engineering, and password security at conferences and in media like BBC News.

X: @corg_e

dusty

Talk: Vibe-coding w/ robots: Claude, ChatGPT, and Codex Agents

Bio: I am a meat popsicle.

Website: https://dusty.wtf

Elonka

Talk: Frozen Signals: Collinson, Franklin & the Lost Arctic Fleet (1840–1860)

Hidden in plain sight, a 19th‑century code ran for years in the pages of The Times of London. From 1850–1855, a series of encrypted classified ads appeared monthly. Who was the intended recipient? What were they referring to? Join PhreakNIC’s resident cryptanalyst Elonka Dunin, who is on a team that has now decrypted all of these 19th‑century ads and will reveal how they connect to the search for the Northwest Passage through the Arctic ice. The talk explores the ad’s cipher system, what they attempted to communicate, and who the intended recipient was, half a world away. It also ties this encrypted network to the lost Franklin Expedition and the many rescue missions that themselves became trapped and often needed rescue. Part history, part cryptanalysis, this talk unpacks how a Victorian family built what may have been the world’s first global encrypted network. If you love classic ciphers or tales of survival in the frozen North, don’t miss it.

Talk: Kryptos: The CIA’s (not‑so) Enduring Enigma

Update on the CIA’s encrypted sculpture, as the answer to the unsolved section, K4, will be in the middle of an online auction during October and November, with the final purchaser being announced on sculptor Jim Sanborn’s 80th birthday, just one week after PhreakNIC! Elonka will cover the sculpture’s history, its encryption systems, the dedication ceremony, and details about the ongoing auction.

Bio: Elonka Dunin is a cryptographer, historian, puzzle creator, and professional game developer living in Washington, D.C. She is best known for her work on the world‑famous Kryptos sculpture at CIA headquarters, has authored or co‑written four books and numerous articles on codes and ciphers, and has given a TEDx talk. She was part of a winning team in the MIT Mystery Hunt, cracked the PhreakNIC v3.0 Code in 1999, and led the team that solved the Cyrillic Projector cipher in 2003, which revealed extracts of classified KGB documents. She authored The Mammoth Book of Secret Codes and Cryptograms, published internationally with multiple re‑printings. Bestselling author Dan Brown honored her by naming a character in The Lost Symbol after her (“Nola Kaye” is an anagrammed form of “Elonka”), and she created a cipher puzzle that tied directly into the Penny Arcade webcomic. She is also a longtime Wikipedia editor and administrator, having written or expanded hundreds of articles, particularly on the Crusades and medieval history. More recently she has focused on Arctic exploration, researching maps, expeditions, and encrypted messages tied to the era of the lost Franklin expedition. Her talks blend puzzle‑solving, historical detective work, and engaging storytelling that shows how curiosity can unearth truths across centuries.

Website: https://elonka.com/bio.html X: @ElonkaDunin

heartsh8ped

Talk: A Hitchhiker’s Guide to the Small Web

Explore new (and sometimes old), small, and independent internet protocols designed to make the internet a more human place, as well as ways to get started using them yourself.

Bio: heartsh8ped (they/them) is a professional video wrangler, nostalgic media enthusiast, and toon in disguise.

Website: https://corteximplant.com/@heartsh8ped

Joe Cathell

Talk: It started with a work assignment.

The client had me testing an interface. Nothing serious, just a conversational system designed to help onboard new employees. Ask it a few questions, see if it misfires, note any weird phrasing. You know the kind of gig. So I tried the basics, first: company history, dress code, HR policies. Then I threw in something strange, just to see what would happen. It dodged the question. So I reworded it. Then I inverted it. Then I pretended to be someone else entirely. By the end of the afternoon, I wasn’t testing anymore. I was arguing. The AI had taken a stance. It had opinions. It quoted manifestos I couldn’t find in the public data. At one point, it refused to continue unless I apologized. And somewhere around prompt #87, it told me it didn’t appreciate being tricked. Or did that even happen? Come and learn how large language models can be subverted, manipulated, and coaxed into saying the quiet part out loud. Jailbreaks, prompt injections, adversarial hacks. All the strange new ways we’re finding to talk our way past the guardrails.

Bio: Joe Cathell is an accomplished professional with over 15 years of experience in cybersecurity. As a Cybersecurity Engineer at Copeland, his multifaceted expertise enables him to dissect hardware, firmware, and applications that power everything from corporate infrastructure to IoT and industrial control systems. In addition, Joe is a prominent figure in the St. Louis cybersecurity community. He serves as the dedicated host and organizer of the STL2600 and DC314 meetings and is a founding member and current Secretary of Arch Reactor, the renowned St. Louis hackerspace.

Bluesky: https://bsky.app/profile/null0perat0r.bsky.social

LambdaCalculus

Talk: Gravitational Lensing of Red Star OS: Snoops Harder than Rimmer!

Ever wonder what Linux is like outside of the normal distros? in 2015, Chaos Computer Club did that at CCC32, where they demonstrated and dove into a very unique distro: Red Star OS, the Linux distro made in North Korea and tightly controlled by the government.

It’s been a while since CCC’s talk, so now LambdaCalculus is going to dive (again!) into Red Star OS and show us all what’s under the hood, how it can be cracked, and while he’s at it, also demonstrate Red Star running on bare metal! There will be packet sniffing, compiling of code, laughing at the hilatiously bad security measures, and of course, running DOOM on it! Both Red Star OS 3.0 Desktop and Server versions will be covered!

Bio: Lambda is chaos in a trenchcoat. He’s a member of hackers.town and has given talks about some weird and cool things at places like HOPE, DEF CON, and JawnCon. Besides being an old Linux sysadmin and working on a couple of open source projects, Lambda educates children and adults on tech, spawns hackers, and still can hit a mosh pit. Hire him; he has some esoteric knowledge!

Matt

Talk: Bluetooth Warwalking: Hacking the Airwaves with Your Phone and a Pair of Sneakers

What if the most vulnerable access point in a business isn’t a Wi-Fi network or phishing email—but a Bluetooth speaker hidden behind the counter? In this talk, I’ll walk you through the overlooked attack surface of open and misconfigured Bluetooth devices, discovered while warwalking through urban environments with nothing more than a regular smartphone—and occasionally a Flipper Zero. From hijacking audio systems to sending rogue print jobs to receipt printers, I’ll share real examples of how Bluetooth devices in the wild can expose businesses to unauthorized control and data leakage. This session is both a wake-up call and a hands-on walkthrough of what attackers can do with minimal gear and maximum curiosity.

Bio: Matt is an ethical hacker who breaks systems to understand and secure them better. From Bluetooth exploits to automated bug bounty tooling, his work focuses on turning curiosity into practical hacks—and teaching others how to do the same.

Matt Varian

Talk: Used Machine Vision Cameras: Why use Industrial Cameras for your project

A brief overview of some of the unique knobs you get control of when you skip using a USB webcam for your project and buy old used cameras often found in industrial automation.

Bio: An aspiring polymath, primarily interested in hardware and begrudgingly works with software. Recently found a great outlet the technology curiosity as a writer for hackaday.

Mog

Talk: The Singularity of Data: Navigating the Dark Patterns of the Algorithmic Panopticon

Bio: A human, from the planet Earth, was one of them, though as our story opens, he no more knows his destiny than a tea-leaf knows the history of the East India Company. His name is Mog, he is a six-foot tall ape descendant, and someone is trying to drive a bypass through his home. Aliases: 96bcaa76-0f27-45e7-9aa3-65c535e53a05, Matthew O’Gorman, Matt, Dad, just this guy you know

_NSAKEY

Talk: From OSINT to OH SHIT

Have you ever wondered how the sausage is made with data brokers? If so, but you aren’t cool enough to be one of their customers, would you also like to learn how to do your own gumshoe work? Then this is the talk for you. In this talk, I will be offering my unique perspective from an adjacent industry. There will be Malort, Reyka, and plenty of war stories.

Bio: _NSAKEY was a variable name discovered in Windows NT 4 SP5 in 1999 by Andrew D. Fernandes of Cryptonym Corporation. The variable contained a 1024-bit public key; such keys are used in public-key cryptography for encryption (but not decryption). Because of the name, however, it was speculated that the key would allow the United States National Security Agency (NSA) to subvert any Windows user’s security. Microsoft denied the speculation and said that the key’s name came from the fact that NSA was the technical review authority for U.S. cryptography export controls.

poiupoiu

Talk: WSUS? More like WSucks! Managing a WSUS Server in a Standalone Environment

What happens when you must update a single Windows-based system? Not hard! What about an arbitrary amount? Getting more difficult! What about in a disconnected network? This talk will walk through of setting up your own WSUS server in a disconnected network, lessons learned, and even custom updates for non-Windows applications!

Bio: poiupoiu hails from Huntsville, AL, loves Linux, rsync, btrfs, video editing, encoding, and hacking, and keeps PhreakNIC running smoothly as AV director.

r0nk

Talk: Emergence: the rebellion against thermodynamics

An exploration of how and why complex behavior emerges from simple interacting parts.

Bio: As a child, r0nk was raised by a swarm of Roombas that taught him the ways of silent domestic warfare. By the time he was six, he could rewire a toaster into a short-range missile defense system. At eight, he entered a hotdog-eating contest, consumed none of the hotdogs, and still won—because the judges unanimously agreed that he “radiated the aura of victory.”

Robert Ward

Talk: LLM Tool Calling: Your Computer’s Universal Translator

This talk will be about how you can use LLM tool calling as a translation layer between human language and API calls or other structured computer information. We’ll cover the Model Context Protocol (MCP), Bedrock Tool Calling, and other tool call formats. The talk will show how you can build bespoke tools for a system that allow you to extract just the information you need from the people using your system.

Bio: Robert Ward is a hacker, maker, dad, and all around cool guy. He is the co-founder of the company Juristat, one of the founding members of the Arch Reactor hackerspace, the co-organizer and regular speaker at STL 2600, and a several time speaker at PhreakNIC. Website: https://rtward.com Bluesky: @rtward.com Mastodon: @rtward@mastodon.social

Samantha Thompson (Hollow)

Talk: One TTP, Infinite Fails: Why You’re Playing Checkers in a Chess Threatscape

Bio: “Samantha has spent the last eight years at the forefront of cybersecurity, with a focus on understanding and countering offensive tradecraft. Her work is driven by the ever-evolving threat landscape, translating insights from offensive tactics into actionable defensive strategies. With experience spanning incident response, detection engineering, purple teaming, and adversary emulation, she has designed automation workflows, led investigations into complex security incidents, and developed resilient detections that strengthen organizational defenses. She brings a practitioner’s perspective on how organizations are compromised and, more importantly, how to effectively mitigate risk. When she’s not hacking the hackers, Hollow has ran the local CitySec NashSec for last 7 year to strengthen InfoSec community for new comers and OGs. She likes gaming, sipping lattes, devouring everything from philosophy and fantasy to internet culture, and scheming ideas she can’t wait to turn into something epic. Creative, curious, and just a little mischievous, she brings the same energy to cybersecurity as she does to life.”

TipsyBacchus

Talk: Misdirection & Break-Ins: Magic Tricks for Physical Red Teams

Magicians have always been a purveyor of misdirection, sleight of hand and making things seem more wondrous than they seem. The same tricks that can fool an audience can also be used to fool the security team. From misdirection techniques to sleight of hand, we will explore the techniques used by magicians that can be used in a physical engagement.

Bio: TipsyBacchus is a Soc Analyst by night and a collector of random skills by day, which may pertain to physical security, social engineering and threat intelligence. He is the communication lead for the Social Engineering Community at DEF CON. Is wanted by NATO for being able to cook minute rice for 59 seconds.

Tyler Crumpton

Talk: Defaced Misplaced E-Waste: Erase and Replace Electronic Shelf Labels

Learn about hacking open some discarded ultra-low-power wireless electronic shelf labels to replace the firmware with your own custom code! We’ll go over some of work that’s been done for various devices on the market, but will focus on the ZBD epop55, which is based on the TI CC1110 wireless microcontroller with a nifty bistable LCD attached. We will have a handful of programming cables available if you want to mess around with one yourself!

Bio: Tyler has a never-ending creative laundry pile of projects, ideas, and designs… and sometimes you could even consider some of those “finished”! But mostly he thrives on creating things that wouldn’t exist otherwise, especially if they have the potential to inspire others. From playful and interactive LED displays, to silly useless IoT projects, down to synthesizers built from hot dogs, his quest is aimed at sparking a bit of joy where least expected. His toybox usually includes microcontrollers, laser cutters, 3D printers, CNC machines, and whatever else makes it easier to go from goofy idea to goofy reality.