Bugcrowd University Training Decks
Posted on: 10.13.18

For your reading pleasure, the Bugcrowd University Training Decks are now available at the ROOTCON Media Server.

Check it out!

Another ROOTCON in the Books!
Posted on: 10.06.18

And that's all there is to it: another ROOTCON has made it into the books. Thank you to all the humans, speakers and sponsors who made our little hacking community get-together a crazy one.

Next year will be a big one as we expand ROOTCON 13 to three full days; more trainings and more activities will be available. All the backstage learnings will be fine-tuned as we plan for ROOTCON 13.

Fun-filled learning and meeting old and new friends are what make the best conference experience. We are looking forward to seeing everyone next year.

Cheers everyone!

Panel Discussion: National ID System
Posted on: 09.11.18

Panel Discussion: Philippine National ID System

On August 6, 2018, President Rodrigo Duterte signed into law the bill that implements a National ID System in the Philippines. It has already drawn mixed reviews from different sectors, and the hacking / infosec community is no exception. The hacking community is concerned about the integrity and security of the data of the Filipino people, and is asking questions like: Is this a Comeleak v2.0 waiting to happen? Are we ready for this?

Catch it on Day 1 14:15 - 15:00 at the Main tracks.

Contest Registration is NOW LIVE!
Posted on: 09.03.18

Hacker Fam! With ROOTCON 12 just around the corner, it's time to get those gears running and start training your packet-fu!

Choose your poison! Contest registration is now live!

Know More!

Capture The Flag - The most gruelling game at the heart of every hacking conference.

Hacker Jeopardy - If you enjoy the company of sharp brains, cold beers and hot babes, you'll feel right at home with Hacker Jeopardy. Whoever said geeks don't know how to party has obviously not yet registered for the largest premier hacking conference in the country.

Mysterybox - Mystery Box is a combination of puzzles, mysteries, crypto and a little bit of scavenger hunt. One week before the con, puzzles and clues will be announced.


ZerØ Hour Venue
Posted on: 08.16.18

Where: Bells & Whistles
When: September 28, 2018 2000 HRS
Entrance Fee: ₱650.00
- Dinner
- Booze
- Live band
- Glow-sticks, lasers & unicorns

Program Guide
19:00 - Dinner / Networking
20:00 - Hacker Jeopardy
22:00 til you drop! - Live Band, Drinks, and more.

Buy your ticket here!

Infosec Rundown
Posted on: 07.13.18

What is Infosec Rundown?

Infosec Rundown is a closed-door breakfast session designed by ROOTCON in partnership with Nullforge for top executives to provide updates on the latest trends of attacks in the Information Security landscape, both local and international.

Program Flow
07:00 - 07:30 - Registration
07:30 - 07:45 - Opening Remarks
07:45 - 08:30 - Topic #1 (TBA)
08:30 - 09:15 - Case Study (TBA)
09:15 - 10:00 - Solutions #1 (TBA)
10:00 - 10:45 - Solutions #2 (TBA)
10:45 - 11:00 - Closing

Are you one of the top executives in your company? Call us (+63.917.804.3643) and reserve a seat!

ZerØ Hour Party
Posted on: 07.13.18

A ROOTCON after con party! It's where it gets crazy.

Where: Bells & Whistles Tagaytay
When: September 28, 2018 2000 HRS

Program Guide
20:00 - Hacker Jeopardy
22:00 til you drop! - Live Band, Drinks, and more.

Shuttle schedule
Taal Vista Hotel to Bells & Whistles

Bells & Whistles to Taal Vista
Starts 23:00 then every 30 minutes thereafter

More details

Bugcrowd University
Posted on: 06.28.18

What's up hacker fam! Here's another surprise just for you.

Bugcrowd is happy to offer a full-day workshop for bug hunters to learn both intro and advanced topics in web bug hunting. Each BCU module will go over a vulnerability, describing its nature, how to identify it, how to exploit it, and relevant tools associated with it, and will have labs for students to test their skills. These Bugcrowd University modules are designed to enable the crowd to spot and exploit Priority One level bugs, even in seemingly complex web applications.

(Intro) What makes a good submission
(Intro) Burp Suite Workshop
(Intermediate) Asset Discovery and Recon
(Advanced) XML External Entity Injection
(Advanced) Authorization & Access Control Testing (MFLAC, IDOR)
(Advanced) Server Side Request Forgery
(Advanced) Security Misconfiguration (Git, AWS, Subdomain, ++)

These trainings are 100% FREE to all ROOTCON attendees, on a first-come, first-served basis only!

92 Days Out
Posted on: 06.27.18

Our theme this year is Hackers: Heroes of the Computer Revolution, with a retro feel. With RC12 just around the corner, hearing those 56k dial-up modems feels so nostalgic.

ROOTCON 12 is now in full swing. Here are some updates for you:

Talks lineup - 15 talks for two days

Speakers lineup - get to know the speakers

Schedule - what to expect on your two day hacking conference experience

Nullforge Private Party
Posted on: 06.21.18

True hackers hide behind the shadows. A retro hacker party organized by Nullforge Security Inc.

When: September 26, 2018 2000 HRS

About Nullforge

NullForge Security, Inc. is a premier cybersecurity company helping businesses protect their data, people, and their brands. Our passion and dedication to cybersecurity greatly reduce security risks and enable companies to focus on their core business.

Looking for another party? Check out the Parties and Meet-ups.

New set of Talks
Posted on: 06.20.18

We were overwhelmed with the submissions we received this year. Here is the new set of talks, freshly baked from the CFP review board.

Binary Patching for code injection

Bug Bounty Hunting on Steroids

Cyber Security Threats to Telecom Networks

Defending cloud Infrastructures with Cloud Security Suite

Exploiting ActionScript3 interpreter

Expl-iot: Hacking IoT like a boss

Fire & Ice: Making and Breaking macOS firewalls

How to rob a bank over the phone!

IoT and JTAG Primer

Mind the (Air) Gap


Keynote Speaker
Posted on: 05.31.18

Are you into cars? Are you into hacking? Or both? You're in luck! The author of The Car Hacker's Handbook will be at ROOTCON 12 as a keynote speaker.

Introducing our ROOTCON 12 Keynote Speaker, Craig Smith.

Craig Smith is the Director of Transportation Security and Research at Rapid7, a cybersecurity analytics and automation company. He is also the founder of Open Garages, a distributed collective of performance tuners, mechanics, security researchers and artists. Craig authored the "Car Hacker's Handbook", the de facto guide to automotive security. At Rapid7, Craig runs the Transportation Practice, which specializes in providing strategic consultancy and deep technical expertise to the transport industries. His work includes extensive testing for innovative new technologies being developed in the automotive industry. Craig has developed many free and open source tools to help teach others about vehicle security. Craig has worked in security for over 20 years, with a focus on automotive and other types of transport for the last 7 years.

First round of talks!
Posted on: 05.29.18

We are stoked to announce the first round of talks for ROOTCON 12.

Call Of Duty - Modern Browser Warfare - The discussion flow would start from the importance of browsers, need for security within it, my research and vulnerabilities found, and finally demonstration of zero day, apart from other exploits and attacks, against browsers. The talk would conclude with a discussion around remediation efforts to protect these attacks.

Cracking Financial Systems - Recent attacks provide insight on cyber assaults which could halt the global economy. Financial systems are little more than a set of promises between various online and real life entities. Processes designed to make financial services safe have created new vulnerabilities. If systemic institutions were compromised, panic could spread.

Exploits in Wetware - Robert discusses his third place experience at the Defcon 2017 SE CTF and how his efforts clearly show how easy it is to get sensitive information from any organization. The 2017 Verizon report clearly shows the dramatic growth rate of social engineering attacks and Robert demonstrates how he collected hundreds of data points from the target organization using OSINT techniques. He then goes into the vishing strategy he implemented to maximize the points he collected in the 20 minute live contest. Without much effort Robert was able to know their VPN, OS, patch level, executive personal cell phone numbers and place of residence.

How (not) to fail at hardware - A lot of security is being moved into hardware. This doesn't fix security, it just makes it smaller. Security professionals have a good handle on network and application security, however when it comes to doing hardware testing, things are not as easy as they seem.

NFC Payments: The Art of Relay & Replay Attacks - Relay and replay attacks are more prevalent in the payment industry than ever, becoming more complex and sophisticated day by day. We are not just seeing simple skimming techniques but complex attack vectors that are a combination of technologies and implementations involving SDR, NFC, APDU, hardware emulation design, specialized software, tokenization protocols and social engineering.

SAP Incident Response, how to attack and defend! - SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world. These companies rely on SAP to perform their most sensitive daily operations, such as processing employees' payroll and benefits, managing logistics, managing suppliers / customers, material management, releasing payments to providers, credit card processing, business intelligence, etc.

Walrus: Make the most of your card cloning devices - Walrus enables you to use your existing contactless card cloning devices with your Android device. Using a simple interface, cards can be read into a wallet to be written or emulated later.

Check out the complete synopsis of the talks.

Early Registration Now Open!
Posted on: 04.16.18

ROOTCON 12 is coming to life: the master plan has been laid out, CFP submissions are slowly coming in, contests and events are being finalized, and today we open the doors for early registration! This will only run from April 16 - May 16.

Two modes of payment will still be accepted: direct deposit and PayPal. Blackcard holders with their discount codes should select "Regular Rate" to apply the discount.

Register now

RC12 CFP is now open
Posted on: 04.09.18

ROOTCON 12 Call For Papers is open! Want to share that new research, those shiny new exploits and exploitation techniques? Now is the best time.

Topics of interest include, but are not limited to:

- Real-life hack (responsible disclosure required)
- Non-tech hacking
- New tool release
- Exploit Development
- Reverse Engineering
- Web Application Attacks
- Tools 101 (Metasploit, Nmap, etc…etc…)
- Wireless Attacks (3G, 4G, 802.11(x))
- Cloud Security
- Vulnerability Discovery
- OS Level Vulnerabilities
- Physical Security (Lock picking – Digital Locks or Digital Safes)
- SQL Injections
- Vendor Appliance Vulnerabilities
- Exploitation Techniques
- Mobile Security

Interested in submitting? Fill out the Call For Papers form.

CFP will close on June 09, 2018. Good luck!

RC12 CFP Review Board
Posted on: 02.23.18

With the Call For Papers just around the corner, we are proud to announce our Call For Papers Review Board for ROOTCON 12.

 Bill Breen
Bill Breen is a computer security subject matter expert in several domains. He is currently living in SE Asia and continues to work in the computer security arena. Mr. Breen has spent 17 years doing information security work for a Fortune 100 company. Work related to incident response, forensics, risk assessments, perimeter security and implementing security policy on a global scale. Mr. Breen has been a senior planner for the DEF CON security conference for over 12 years, and is on the CFP review board for DEF CON and BlackHat Asia. Mr. Breen is a very proud member of the Ninja Network hacker group, and has been involved in the hacking community for over 23 years.

 Maxi Soler
Maxi Soler has more than 10 years of experience in Information Security; his work has been oriented towards Penetration Testing for Web and Mobile Application Security. Maxi is part of the Black Hat Arsenal Review Board and has had the opportunity to deliver lectures at conferences such as Black Hat, DEF CON, OWASP AppSec, EKOParty, Andsec, H2HC, 8dot8 and many other important conferences. He is the CTO of ArtsSEC, a company securing digital transformations.

 Raymond Nunez
Mon provides security consulting with a special focus on the financial services, government systems, and telecommunications industries, while teaching Computer and Network Security for graduate students in UP Diliman. He is currently taking his PhD in Computer Science from the University of the Philippines, Diliman, majoring in Security and researching Wireless Networks, Software Defined Radio (SDR), Software Defined Networks (SDN), and Hypervisor Security. At DEF CON 24, he and his teammate Siege won the much coveted DEF CON Black Badge for winning the CTP Contest. They are now free for life at DEF CON aside from bragging rights. Mon regularly takes certifications such as GSEC, GNFA, GWAPT, GCIH, GASF, CISA, CISM, CICP, GXPN among others as a form of entertainment.

 Jay Turla
Jay Turla is an application security engineer at Bugcrowd Inc., and one of the goons of ROOTCON. He has been acknowledged and rewarded by Facebook, Adobe, Yahoo, Microsoft, Mozilla, etc. for his responsible disclosures. He has also contributed auxiliary and exploit modules to the Metasploit Framework and has presented at ROOTCON, Nullcon, and TCON. He used to work for HP Fortify, where he performed Vulnerability Assessment, Remediation and Advance Testing.

Call For Sponsors Is Up
Posted on: 02.07.18

ROOTCON has maintained its balance between content and affordability. This balance wouldn't be possible without our sponsors, who support the conference and the infosec and hacking community.

Take part in the Computer Revolution and become a key player in the cyber security transformation in the millennial era. Leverage this platform to "Learn", "Collaborate" and "Network" with the future CISOs and Information Security practitioners in leading industries. This venue is the avenue where you can share the capability and strengths of your brand in information security.

Head on to the Sponsorship Tier to check which fits your branding exposure. Call For Sponsors will close August 30, 2018.

Blackcard Registration Now Live!
Posted on: 02.05.18

The ROOTCON Black card was formerly known as the ROOTCON Ambassadors card. The black card is a program created by ROOTCON for attendees to enjoy yearly discounts and other perks.

Perks offered
1. 20% discount on ROOTCON tickets applicable only on regular rates.
2. 10% off on all official ROOTCON swags.
3. FREE Entrance on ROOTCON Hackerspace activities.
4. FREE drinks at the ROOTCON chill-out area on the day of the event.
5. Priority lane during ROOTCON event check-in.

Upcoming perks
* Exclusive PC, laptops and more discounts (in negotiation with partners)

We are now accepting Blackcard registrations. This registration only happens once a year, so don't miss your opportunity. To register, just follow the link below.

Register Here!

ROOTCON 12 Timeline
Posted on: 01.16.18

With only 200+ days to go, ROOTCON 12 is slowly coming to life and plans have been laid out. Whether you are joining for the tracks, updating your skills with the trainings, joining the gruelling contests, hosting contests or activities, or just meeting old and new friends, we are making sure you won't miss a single bit of the road to ROOTCON 12.

Here is the ROOTCON 12 Timeline:

Feb - March - Blackcard Application Opening (Blackcard registration)
April - June - Earlybird Registration (P8,050.00)
June - August - Regular Registration (P9,150.00)
Discounts like Blackcard, Students rate and Group rates will be posted on the registration page.

Call for Chaos
Feb - August - Call For Sponsors
April - June - Call For Papers
April - June - Call For Trainings
April - June - Call For Hosts

Parties & More
July - August - Zero-Hour party registration
July - August - CTF Registration

ROOTCON 12 Theme: Hackers: Heroes of the Computer Revolution
Posted on: 12.02.17

Time to gear up and kick off ROOTCON 12, starting with our first task: the ROOTCON 12 theme.

Event themes give us the feel and vibe of the conference each year. Last year we had Humans meets IoT, where the vibe was about knowing the troubles and insecurities of IoT devices.

This year we thought of highlighting the hacker community and its culture. Our theme will be Hackers: Heroes of the Computer Revolution, which is based on the novel written by Steven Levy. In his novel he discussed hacker culture, and he thought hackers were fascinating people, adventurers, visionaries, risk-takers and artists rather than what most ordinary people nowadays picture when they hear the word "hackers". The look and feel of this year's theme will be retro and 8-bit.