The Chaos Communication Congress (39C3) is a renowned annual event in the cybersecurity and technology world.
Organized by the Chaos Computer Club, the event is taking place in Hamburg December 27–30, 2025. This 4 day conference is a hub for hackers, technologists, and visionaries to explore the intersection of technology, society, and utopia. Known for its critical-creative approach, the Congress features lectures, workshops, and discussions on the societal impacts of technological advancements.
Laser Beams & Light Streams: Letting Hackers Go Pew Pew, Building Affordable Light-Based Hardware Security Tooling
Date: Tuesday, December 30, 2025
Time: 12:50pm – 1:30pm
Location: Congress Center Hamburg
NetSPI’s participation in this prestigious event is a testament to their expertise and thought leadership in hardware and embedded penetration testing.
Technical Director, Hardware “”
Stored memory in hardware has had a long history of being influenced by light, by design. For instance, as memory is represented by the series of transistors, and their physical state represents 1’s and 0’s, original EPROM memory could be erased via the utilization of UV light, in preparation for flashing new memory.
Naturally, whilst useful, this also has proven to be an avenue of opportunity to be leveraged by attackers, allowing them to selectively influence memory via a host of optical/light-based techniques. As chips became more advanced, the usage of opaque resin was used as a “temporary” measure to combat this flaw, by coating chips in a material that would reflect undesirable UV.
Present day opinions are that laser (or light) based hardware attacks, are something that only nation state actors are capable of doing; due to both limitations of cost in tooling as well as personnel expertise required. Currently, sophisticated hardware labs use expensive, high frequency IR beams to penetrate the resin.
This project demonstrates that with a limited budget and hacker-and-maker mentality, similar results can be obtained at a fraction of the cost, from the comfort of your home or garage. With the modifications of an opensource low-cost microscope, addition of a home-built beam splitter and interchangeable diode laser, it has been shown that consumer-grade diodes are capable of producing results similar to the high-cost variants, such as the YAG lasers.
One example of results includes introducing affordable avenues to conduct laser-based fault injection, via the usage of such budget-friendly tooling. We are opening the study of these low-level hardware attacking methodologies to more entry-level security testers, without the need for hundreds of thousands of dollars in startup capital.
By leveraging more affordable technology alternatives, we have embarked on a mission to uncover hardware malware, detect supply-chain chip replacements, and delve into the realm of laser-logic-state imaging. Our approach integrates optics, laser selection, and machine learning components.
Sam Beaumont ( PANTH13R ) Director, Hardware & Integrated Systems
Sam is at the forefront of developing and delivering technical strategies and solutions for Hardware and Integrated Systems at NetSPI. With a career spanning 10+ years in tech and cybersecurity, Sam has established a formidable reputation for hacking anything with a chip – from hardware and embedded systems to all things that “fly, sail, or drive”. Her extensive expertise provides NetSPI customers with unmatched technical leadership, depth, and delivery excellence in advisory and cybersecurity services, ensuring assets existing in physical spaces are fortified against evolving threats.
In previous roles, Sam has served in a technical capacity as an offensive security Principal Consultant, Red Teamer, Exploit Developer, Vulnerability Researcher, and more. She has continually demonstrated a unique ability to bridge the gap between business, regulatory needs, and the most prevalent theoretical vulnerabilities. Sam’s commitment to the cybersecurity community and approach to tackling cyber-physical systems has cemented her status as a practical thought leader in the field. Through continued research, speaking engagements, and mentorship, Sam is dedicated to pushing the boundaries of what’s possible for women in cybersecurity, ensuring a safer, more diverse future for those who wish to secure technologies.
Larry Trowell ( Patch ) Technical Director, Hardware
Larry is responsible for leading and executing IOT/Embedded Penetration Testing and researching new security techniques to ensure the safety of embedded systems.
Larry has a master’s degree in mathematics with emphases on Computer Science and Artificial Intelligence from Georgia Southern University. He has worked with several Fortune 250 companies both as an embedded systems engineer and security expert focused on medical devices.
He has aided in the design and security of multiple devices in the Automotive, Financial, Medical, Wireless, and Multimedia spectrums, has been published in medical journals, and spoken at conferences all over the globe. Larry has extensive knowledge of the design of various bare metal and low-level embedded devices.
