3G / 4G - The Hacking Scene
by: Markku Kero
Wireless networks (3G and 4G) are very commonly used today, and frequently we connect to them and use them carelessly and without a second thought. In this session we look at wireless networks from a hacker’s perspective, and will see how easy or hard it is to hack other users within the networks, and/or the networks themselves, and what it would take from a hacker to do so. We will also ask how one could protect themselves from such attacks attempted by others.
Advanced HTTP Header Security Analysis - Day 1 Keynote by: Nathan LaFollette
HTTP Headers are the least protected areas in a Web Application. Nathan will discuss weaknesses with current HTTP Header Security, and will demonstrate techniques to bypass HTTP Header Security Controls. During the presentation, Nathan will also dissect, analyze, and educate the audience on advanced HTTP Header Attack Payloads. A live demonstration will be performed during the presentation.
Browser extension malware extend cybercrime capabilities by: Lenart Bermejo
Browser extensions have recently become popular, not only as utilities and applications but also as a way for malware authors to carry out malicious activities. See how several malware families use browser extensions for monetized social media activity, information theft, and click fraud, how they evade user detection and removal, and how they leverage this browser feature alongside the continually growing popularity of social media sites for profit and propagation.
Cyber Security in the Country: Where are we? Day 2 Keynote
by: Nebu Alejandrino
The Philippines' Department of National Defense (DND) has its own cyber security defense for the country. This track will discuss the cyber security threat landscape and the defenses the Philippines has to offer in protecting the motherland.
Network Security Monitoring: Beyond Intrusion Detection by: r3wtninja
This talk will introduce the concept of Network Security Monitoring, its advantages over traditional Intrusion Detection Systems, and the tools freely available for a successful NSM operation, including a demo of the available tools.
New Techniques: Email Based Threat and Attacks by: Lalaine Gregorio
Just as email, the most common form of online communication, has become a basic online activity, spam too is often perceived as a mere nuisance or a simple threat. However, its continued prevalence suggests that cybercriminals and threat actors continue to use it to target and attack users and organizations. Through notable cases and relevant data, this presentation will discuss the evolving spam techniques that keep spam relevant in the current threat landscape, and how they are used in cybercriminal activities and highly targeted attacks.
Philippine Open Internet Exchange by: Bani Lara
The government, through ASTI-DOST, has been operating a local internet exchange called the "Philippine Open Internet Exchange", or PhOpenIX. Its goal, as with any other internet exchange in the world, is to make sure that "ISPs be able to deliver and receive traffic between domestic endpoints without passing the traffic across the national border." The government has been operating this routing infrastructure since 2007, so it has been in existence for almost seven (7) years. It is trying to foster a local environment where big networks talk to small networks as equals in a peering environment.
We would like to present updates about our activities, as well as our future goals that are beneficial to this community.
Shellcode Exploit Analysis: Tips and Tricks by: Romeo Dela Cruz
Exploits are often used as the starting point of a malware infection chain because of their effectiveness in infiltrating a system or even networks. Because of their evasion techniques and use of newly found vulnerabilities in software or applications, known as zero-day exploits, AV products have difficulty containing this threat. Users’ failure to regularly update their systems is one reason exploits have become prevalent in the threat landscape. Furthermore, enterprises also delay patches to continue business operations and to test updates in their environment before deploying them. This opens the network to windows of exposure.
In this presentation, we will demonstrate ways of analyzing exploit code that help reverse engineers speed up their analysis. We will also cover commonly exploited applications in the wild, how these exploits are used in targeted attacks, and the ways we can mitigate the risks posed by this threat.
*Nix BotNets Do Exist by: TheGoons
Command and Conquer for Linux? Aside from backdoors and rootkits, it is also possible using IRC (Internet Relay Chat) botnets, a.k.a. the artificial lurkers of IRC. By running commands from the system, a bot can be used for DDoS / DoS attacks, mass vulnerability scanning, port scanning, etc. In this talk, we will cover common methods of compromising a machine and eventually launching attacks using bots/botnets, and we will do a live demo of a new simple bot that can potentially become a dark force multiplier for DoS attacks. Simple detection and analysis of possible botnets will also be presented.
The Necurs Rootkit by: Nico Paulo Yturriaga
Necurs has been one of the most prevalent rootkits out there. In 2012, Necurs was found on 83,427 unique machines, as reported by Microsoft. As of today, new samples of this rootkit are still being created and integrated with popular malware such as ‘Zeus’. In this presentation, Nico will discuss the symptoms of being infected by the Necurs rootkit, the rootkit installation, and what happens when the rootkit owns an infected machine.
Social Engineering: Hacking The Mind by: Mark Jayson Principe
Humans are the weakest link in Information Security. Social engineering refers to the psychological manipulation of people into divulging confidential information. This talk will show you how to hack and protect the mind using Neuro-linguistic programming.
My day job is mostly taking care of the three networks that we are running. The first network is a national research and education network called the Philippine Research, Education and Government Information Network or PREGINET (http://www.pregi.net). It is a nationwide broadband testbed connecting academic and research institutions, both local and abroad. The main objective of this network is to study future internet technologies, localise the technology in the context of our local setting, and advocate its use. The second network that we are running is called the Integrated Government network or iGov (http://i.gov.ph). It is a nationwide broadband network connecting all the government agencies in my country. Its main goal is to make e-governance inclusive, cost-effective and efficient. The third network that we are running is called the Philippine Open Internet Exchange (http://www.phopenix.net). It is a local internet exchange that encourages peering and local routing among the networks within the Philippines.
Lalaine Gregorio is an Email Reputation Services Manager in the Content Centric Team in TrendLabs, the Global Technical Support and R&D Center of Trend Micro. She has implemented various generic/heuristic anti-spam solutions to detect malicious emails and conducts research on email threats using data analysis of available information from the originating IP of the spam mail samples, malicious URLs and/or malicious files, and the possible intent of the spammers. She has also been invited to several speaking engagements to talk about computer security trends, specifically spam and phishing.
Lenart Bermejo is a Senior Threat Response Engineer in the Content Centric Team in TrendLabs, the Global Technical Support and R&D Center of Trend Micro. He handles first level escalation as well as knowledge transfer sessions for Threat Response Engineers to enhance their technical skills for new threats on the rise.
Lenart also conducts research for new and emerging threats.
Mark Jayson Principe
Mark Jayson Principe is the founder of Trance Manila, the first exclusive community for hypnotists and NLP practitioners. A Certified Hypnotherapist and Certified NLP practitioner, he has been doing hypnosis/NLP for more than 4 years and professional clinical hypnotherapy for more than 2 years.
Markku Kero is currently the CEO of Eqela and Job and Esther Technologies. He also serves as Chief Software Architect for both companies. Over the last 15 years, Markku has been the driving force behind some of the most compelling technologies that have consistently been ahead of their time, overseeing the implementation of a 2G-compatible mobile voice over IP technology, a mobile messaging system unifying email, SMS and instant messaging, a multi-device operating system and now automated programming language translation technology. He has founded and managed several companies in this field, previously Inceptions, Inc. and Kolipri Communications, currently Job and Esther Technologies and Eqela.
Nico Paulo Yturriaga
Nico Paulo Yturriaga is a malware researcher from ThreatTrack Security. He has been reversing and detecting malware for almost 3 years. In this short stint, he has showcased his kernel debugging skills and his ability to counter anti-debugging routines in advanced malware. He is part of the Advanced Solutions team, which is assigned to remediating system infections by malware and rootkits. His focus right now is improving VIPRE Antivirus' remediation score for AV certification bodies.
r3wtninja has been in the security industry for more than 10 years and has been very active in the infosec community in the country. He is also known as the drunken game master at ROOTCON.
Nathan LaFollette (@httphacker) is the Global AppSec Delivery Manager for HP Fortify on Demand. Nathan has been leading international security engagements in the areas of Web Application Penetration Testing for many years. Nathan’s vast experience with web vulnerability analysis is unmatched in the industry. Nathan has advised and performed Web Application Penetration Testing for some of the world’s largest publicly and privately traded companies. Nathan brings a great deal of international security threat expertise and corporate security experience to the information security community.
Director Nebuchadnezzar S Alejandrino is the Chief of the Department of National Defense’s Management Information System Service. Prior to his appointment at DND, he was a consultant at the National Security Council. Upon assumption of office in 2011, he created the Cybersecurity Division of the Department. In the early eighties, he served as Chief Security Officer of the National Computer Center, then under the Office of the President. Dir. Alejandrino was a Fellow at the Asia Pacific Center for Security Studies, Honolulu, Hawaii and a recent graduate of the first ever course on Cybersecurity at the Harvard Kennedy School of Government, Cambridge, Massachusetts.
Romeo Dela Cruz
Romeo “Meong” Dela Cruz is part of the Technical Leads team in Trend Micro Core Technology department. He has six years of experience in malware analysis, clean-up and solution. He handles first level escalation as well as knowledge transfer sessions for threat response engineers to enhance their technical skills in analyzing threats on the rise. He also contributes to the TrendLabs Security Intelligence blog.
Make way for the RC Goons. These people have a wide variety of Kung-Fu and networking skills, and each year they gather to set up and launch a hacker conference to practice and show off their skills in alcoholic drinking, debugging, packet sniffing, and socializing. Without these people, ROOTCON won't be a reality. It is their dedication, hard work and commitment that made it happen.