ROOTCON 11 will be held in Taal Vista Hotel in Tagaytay on September 21-22, 2017. RC11 site now live.

Latest News

RC11 H4XØR Party
Posted on: 07.20.17

What's up party hackers! The generic ROOTCON Post-con party is no more! As the subject suggests we came up with a more hackerish name for our infamous after-con party! afterall we are the largest and only hacker party that exists in the Philippines, kinda doubtful about our judgement? Go Google it!

Back to our subject - This year our party will no longer be a secret! No secret location and no secret codes, just pirates, ninjas, glow-sticks, lasers and unicorns.

This year we will be partying at Hacienda Isabella just few minutes away from Taal Vista.

Buy your party ticket NOW!

ZerØ Hour Party
Posted on: 07.11.17

With few months left before ROOTCON 11, party animals are popping-out, epic memories takes place at the epic parties!

Aside from the post-con party, ROOTCON will be throwing another epic one to be held at the Night Tracks, the ZerØ Hour party will be happening at the Night Tracks right after the two talks has been delivered for Night Tracks. So if you are planning to party at the night of RC11 Day 1 this is the place! and its for FREE! Now how awesome is that!

Sleep is for the weak! Come and party with us. New surprises awaits for you.

Know more about ZerØ Hour Party

RC11 PROMO CODE
Posted on: 07.11.17

Giving back to the hacking community!

Limited slots, limited time, could be the first and last promo code!

Promo code: HACKTHEPLANET

Valid until July 17 ONLY! REGISTER NOW!

RC11 Stash
Posted on: 07.11.17

Hello hacker fam! Travel back in time with this ROOTCON 11 Stash, get this awesome ROOTCON 11 t-shirt.

Order now! Visit the ROOTCON Official Shop



RC11 Trainings
Posted on: 06.16.17

The only conference in town that offers no extra charge for cutting-edge trainings! This year ROOTCON partnered with Bugcrowd team to run a Bug Bounty track where it runs series of trainings to fuel your security testing skills.

Trainings are for FREE when you register for ROOTCON 11

Available trainings:
Bug Bounty Operations - An Inside Look

Discovery: expanding your scope like a boss

Hacking 101

The Bug Hunters Methodology 2.0

Starting Your Bug Hunting Career Now

Meet the 1337s
Posted on: 05.25.17

It's not everyday we get to meet the 1337s in the InfoSec / Hacker community, this year Jason Haddix (@jhaddix) an 1337 and well respected hacker will be joining and delivering talks and trainings this ROOTCON 11.

Jason Haddix is the Head of Trust and Security at Bugcrowd. Jason trains and works with internal security engineers to triage and validate hardcore vulnerabilities in mobile, web, and IoT applications/devices. He also works with Bugcrowd to improve the security industries relations with the researchers. Jason's interests and areas of expertise include mobile penetration testing, black box web application auditing, network/infrastructural security assessments, and static analysis. Jason lives in Santa Barbara with his wife and two children. Before joining Bugcrowd Jason was the Director of Penetration Testing for HP Fortify and also held the #1 rank on the Bugcrowd leaderboard for 2014.

Call For Papers Now Closed!
Posted on: 05.19.17

Slots has been filled! ROOTCON 11 Call For Papers is now closed.

Another great year for the CFP submissions, lots of good talks, but the CFP review board needs to pick the best. To all who submitted notification is on its way to your mailbox, if you didn’t make it this year don’t lose hope you still have next year, but the most awesome part you can still join us to learn new things, meet new and old friends and of course party with us.

ROOTCON would like to thank everyone who submitted! Big thanks to Maximiliano Soler (@maxisoler) the ToolsWatch and Blackhat Arsenal master who joined our CFP Review Board, and thank you to the rest of the CFP review board.

Final list of talks will be updated in the next few days. In the mean-time check out the approved talks this year.

ROOTCON 11 Hotel Booking
Posted on: 05.15.17

Taal Vista Hotel will be giving ROOTCON attendees special discounts during the conference.

For you to avail the discount, download and fill-up the form and send to [email protected]

For hassle free conference, book now at Taal Vista Hotel.

Other hotel recommendations nearby.
Destination Hotel
Hotel Dominique
View Park Hotel
Summit Ridge Tagaytay
The Lake Hotel

REGISTRATION NOW OPEN!
Posted on: 05.12.17

This is it people! time to get your slot for ROOTCON 11, Earlybird registration will close June 15, 2017.

Inclusions
Your registration includes the following: (swags and survival kit are subject to change without prior notice)

✓ Official RC11 badge
✓ Conference Access (2 days) includes buffet lunch, am and pm snacks
✓ Open trainings
✓ First 30 sold tickets will be entitled to a free invite to the ROOTCON post-con party
✓ Digital Certificate of Attendance (by request)
✓ RC11 Survival Kit
✓ Other Swags

REGISTER NOW!

Jayson E. Street In Da Haus!
Posted on: 05.12.17

This year we have the night tracks, hackers depo and other new awesome stuffs, but what makes it more awesome? We have an Infosec Rockstar in da house! Drum roll please....

Jayson E. Street is an author of Dissecting the hack: series. Jayson is also the DEF CON Groups Global Coordinator.He has also spoken at DEF CON, ShowMeCon, UCON and at several other CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street”.

He is a highly carbonated speaker, who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are, please note he was chosen as one of Time’s persons of the year for 2006.

Watch his NatGeo Breakthrough Episode here

Second Round of Talks!
Posted on: 04.17.17

The ROOTCON CFP review board are stoked with all the submissions this year, and without further ado, presenting the second round of talks for ROOTCON 11.

Breaking into iCloud Keychain - Do you remember 'celebgate'? Well, iCloud is not just about backups and private pictures. There is quite a lot of data that is also being *synced* across all the devices, and so stored in the iCloud. iCloud Keychain (that keeps your passwords and credit card data) is the most protected data among all other iCloud-synced categories, but still there is a way to break into it, and funny enough, it is *easier* for the accounts with two-factor authentication enabled.

Finding Your Way to Domain Admin Access and Even So, the Game Isn’t Over Yet. - In this presentation, we discuss the tricky scenarios we faced during internal penetration test engagements and how we have developed a tool to solve those issues. We want to fill the gap from after cracking a password hash (normal user) from NetBIOS/LLMNR/WPAD attacks to compromising the entire Domain as well as solving a few tricky issues that we as penetration testers face.

Dissecting Exploit Kits - The Exploit Kit market has been evolving during the past two years, while APJ users are among the most affected victims. The presentation will briefly overview the Exploit Kits market, guiding the audience through the infection flow, from the landing page, through malicious JS and Shellcode execution, to the final payload, such as Ransomware or Banking Trojans. Live demos of stepping through the infection flow of two Exploit Kit variants will include: JavaScript deobfuscation, Shellcode and other malicious payload Reverse Engineering and analysis.

The rise of security assistants over security audit services. - Mobile applications have not only become daily things of our lives, but they have also become a part of XXI culture. Corporate IT and security professionals have same needs with typical customers who manage personal information only. To understand a security, users should keep in mind what happens with their OS, applications, and its data and divide risks into vulnerability and privacy group. The first group refers to actions that break either application or OS. It usually designed to rare involve any user actions to break security mechanisms and get access to user data. The second group refers to privacy issues and describes cases when data stored or transmitted insecurely.

(Read more...)

Call For Sponsors now open!
Posted on: 04.17.17

The long wait is over.

Sponsoring ROOTCON is making presence in the Information Security industry and hacking community.

Our sponsors is as important as the con-goers, so for ROOTCON to serve our sponsors better we opened up the 3rd ballroom in Taal Vista just for our sponsors, where they can showcase their products, do recruitment and many more.

We also hired a third-party team, eMazing Ways Marketing Inc. will be managing our sponsors this year for better logistics, improve marketing visibility and enhanced partner management pre and post con event for ROOTCON 11.

Checkout the sponsors page to know more.

RC11 first round of talks revealed
Posted on: 04.09.17

Before we plunged-in to the summer waves, here's a quick ROOTCON 11 talks update.

7 sins of ATM protection against logical attacks - Everyone is perfectly familiar with logical and black-box attacks on ATMs. But hardly any countermeasures have been taken so far: banks are sure that their devices are perfectly protected, until hackers prove them wrong.

Demystifying The Ransomware and IoT Threat - We have seen a rise in Ransomware attacks in the past year. While we are recovering from these attacks a new wave of DDoS attacks using IoT devices suddenly thrust into the limelight. In this talk, I will discuss all the stages of a ransomware attack.

Drone Hijacking and other IoT hacking with GNU Radio and SDR - Internet of things is surrounding us. Is it secure? Or does its security stand on (deemed) invisibility? SDR (Software-defined radio) and GNU Radio can answer these questions. In this presentation, we will play some modern wireless devices.

Hunting Hunters with OSint - Passive and reactive are the common denominators of a security breached. With this presentation, proactive approach will be showcase for the IT security professionals who are specially into SOC's, Analysis, and Forensics; where using Open Source Intelligence, adversaries can be defeated in no time.

The future of ApplePwn. How to save your money. - It was obvious that this attack was possible by default: if the phone is jailbroken, then it's possible to steal the money, but for some reason everyone claimed about the opposite, considering "Apple Pay is the Most Secure Form of Payment".

(Read more...)

RC11 Night Lounge
Posted on: 04.05.17

It's within ROOTCON’s DNA to improve and introduce awesome great new things for the conference. This year ROOTCON will be extending Day 1 up until 11 or 12 midnight and will be dubbed as the ROOTCON Night Lounge.

What do you need to know?
Ok hacker fam - prepare your pajamas, caffeine fix and popcorn. The ROOTCON Night Lounge will host different kinds of activities this year. From movie night, company party to hacking contests and many more. Night Tracks will also be presented during this time of the day so stay up late and hear those awesome talks! Also good news to our CTF players - playtime will run in parallel to the night tracks too so you will have more hours to capture those flags.

Other activies are still in the planning pipeline. One thing we guarantee to our con-goers is to give you the best night ever!

RC11 Call For Papers
Posted on: 03.30.17

Updated (04.01.17) ROOTCON 11 Call For Papers now accepting submissions through CFP page.

-----

Calling all humans, semi-humans, or demi-gods in the InfoSec and Hacking community with special skills in Exploit-Fu, Wi-Fu, or any other hacking ninja skills. ROOTCON 11 is in need of awesome speakers with cutting-edge talks.

Topics of interest but not limited to:

- Real-life hack (responsible disclosure required)
- Non-tech hacking
- New tool release
- Exploit Development
- Reverse Engineering
- Web Application Attacks
- Tools 101 (Metasploit, Nmap, etc…etc…)
- Wireless Attacks (3G, 4G, 802.11(x))
- Cloud Security
- Vulnerability Discovery
- OS Level Vulnerabilities
- Physical Security (Lock picking – Digital Locks or Digital Safes)
- SQL Injections
- Vendor Appliance Vulnerabilities
- Exploitation Techniques
- Mobile Security

Opens April 1, 2017

It's just getting better
Posted on: 03.28.17

Each year ROOTCON keeps on brewing new, exciting and great things for the conference, this year we added some awesome sauce to the mix.

Day 1 Extended - we will be extending our Day 1 activities up until 11:00PM or 12:00AM. Day 1 will host several hacking games, movie night, parties, and the night tracks. Prepare the energy drinks please...

Night Tracks - what is a night tracks? A night tracks is a never before seen or heard presentation, the presentation on Night Tracks will be focused on cutting-edge research, zer0-day presentation, or a unique IoT vulnerability discovery. (If you qualified for the Night Tracks you will gain the highest Black Badge honor of LIFETIME access to ROOTCON.)

Infosec Rockstar - this year we will be visited by an Infosec Rockstar, announcements will be made soon.

And finally
Hackers Depot - have tools to showcase? Or just want to know the latest tools-of-trade hackers use, visit the "Hackers Depot" area.

These are the main highlights that will be adding to ROOTCON this year.