Second Round of Talks!
Posted on: 04.17.17

The ROOTCON CFP review board are stoked with all the submissions this year, and without further ado, presenting the second round of talks for ROOTCON 11.

Breaking into iCloud Keychain - Do you remember 'celebgate'? Well, iCloud is not just about backups and private pictures. There is quite a lot of data that is also being *synced* across all the devices, and so stored in the iCloud. iCloud Keychain (that keeps your passwords and credit card data) is the most protected data among all other iCloud-synced categories, but still there is a way to break into it, and funny enough, it is *easier* for the accounts with two-factor authentication enabled.

Finding Your Way to Domain Admin Access and Even So, the Game Isn’t Over Yet. - In this presentation, we discuss the tricky scenarios we faced during internal penetration test engagements and how we have developed a tool to solve those issues. We want to fill the gap from after cracking a password hash (normal user) from NetBIOS/LLMNR/WPAD attacks to compromising the entire Domain as well as solving a few tricky issues that we as penetration testers face.

Dissecting Exploit Kits - The Exploit Kit market has been evolving during the past two years, while APJ users are among the most affected victims. The presentation will briefly overview the Exploit Kits market, guiding the audience through the infection flow, from the landing page, through malicious JS and Shellcode execution, to the final payload, such as Ransomware or Banking Trojans. Live demos of stepping through the infection flow of two Exploit Kit variants will include: JavaScript deobfuscation, Shellcode and other malicious payload Reverse Engineering and analysis.

The rise of security assistants over security audit services. - Mobile applications have not only become daily things of our lives, but they have also become a part of XXI culture. Corporate IT and security professionals have same needs with typical customers who manage personal information only. To understand a security, users should keep in mind what happens with their OS, applications, and its data and divide risks into vulnerability and privacy group. The first group refers to actions that break either application or OS. It usually designed to rare involve any user actions to break security mechanisms and get access to user data. The second group refers to privacy issues and describes cases when data stored or transmitted insecurely.

(Read more...)

Call For Sponsors now open!
Posted on: 04.17.17

The long wait is over.

Sponsoring ROOTCON is making presence in the Information Security industry and hacking community.

Our sponsors is as important as the con-goers, so for ROOTCON to serve our sponsors better we opened up the 3rd ballroom in Taal Vista just for our sponsors, where they can showcase their products, do recruitment and many more.

We also hired a third-party team, eMazing Ways Marketing Inc. will be managing our sponsors this year for better logistics, improve marketing visibility and enhanced partner management pre and post con event for ROOTCON 11.

Checkout the sponsors page to know more.

RC11 first round of talks revealed
Posted on: 04.09.17

Before we plunged-in to the summer waves, here's a quick ROOTCON 11 talks update.

7 sins of ATM protection against logical attacks - Everyone is perfectly familiar with logical and black-box attacks on ATMs. But hardly any countermeasures have been taken so far: banks are sure that their devices are perfectly protected, until hackers prove them wrong.

Demystifying The Ransomware and IoT Threat - We have seen a rise in Ransomware attacks in the past year. While we are recovering from these attacks a new wave of DDoS attacks using IoT devices suddenly thrust into the limelight. In this talk, I will discuss all the stages of a ransomware attack.

Drone Hijacking and other IoT hacking with GNU Radio and SDR - Internet of things is surrounding us. Is it secure? Or does its security stand on (deemed) invisibility? SDR (Software-defined radio) and GNU Radio can answer these questions. In this presentation, we will play some modern wireless devices.

Hunting Hunters with OSint - Passive and reactive are the common denominators of a security breached. With this presentation, proactive approach will be showcase for the IT security professionals who are specially into SOC's, Analysis, and Forensics; where using Open Source Intelligence, adversaries can be defeated in no time.

The future of ApplePwn. How to save your money. - It was obvious that this attack was possible by default: if the phone is jailbroken, then it's possible to steal the money, but for some reason everyone claimed about the opposite, considering "Apple Pay is the Most Secure Form of Payment".

(Read more...)

RC11 Night Lounge
Posted on: 04.05.17

It's within ROOTCON’s DNA to improve and introduce awesome great new things for the conference. This year ROOTCON will be extending Day 1 up until 11 or 12 midnight and will be dubbed as the ROOTCON Night Lounge.

What do you need to know?
Ok hacker fam - prepare your pajamas, caffeine fix and popcorn. The ROOTCON Night Lounge will host different kinds of activities this year. From movie night, company party to hacking contests and many more. Night Tracks will also be presented during this time of the day so stay up late and hear those awesome talks! Also good news to our CTF players - playtime will run in parallel to the night tracks too so you will have more hours to capture those flags.

Other activies are still in the planning pipeline. One thing we guarantee to our con-goers is to give you the best night ever!

RC11 Call For Papers
Posted on: 03.30.17

Updated (04.01.17) ROOTCON 11 Call For Papers now accepting submissions through CFP page.


Calling all humans, semi-humans, or demi-gods in the InfoSec and Hacking community with special skills in Exploit-Fu, Wi-Fu, or any other hacking ninja skills. ROOTCON 11 is in need of awesome speakers with cutting-edge talks.

Topics of interest but not limited to:

- Real-life hack (responsible disclosure required)
- Non-tech hacking
- New tool release
- Exploit Development
- Reverse Engineering
- Web Application Attacks
- Tools 101 (Metasploit, Nmap, etc…etc…)
- Wireless Attacks (3G, 4G, 802.11(x))
- Cloud Security
- Vulnerability Discovery
- OS Level Vulnerabilities
- Physical Security (Lock picking – Digital Locks or Digital Safes)
- SQL Injections
- Vendor Appliance Vulnerabilities
- Exploitation Techniques
- Mobile Security

Opens April 1, 2017

It's just getting better
Posted on: 03.28.17

Each year ROOTCON keeps on brewing new, exciting and great things for the conference, this year we added some awesome sauce to the mix.

Day 1 Extended - we will be extending our Day 1 activities up until 11:00PM or 12:00AM. Day 1 will host several hacking games, movie night, parties, and the night tracks. Prepare the energy drinks please...

Night Tracks - what is a night tracks? A night tracks is a never before seen or heard presentation, the presentation on Night Tracks will be focused on cutting-edge research, zer0-day presentation, or a unique IoT vulnerability discovery. (If you qualified for the Night Tracks you will gain the highest Black Badge honor of LIFETIME access to ROOTCON.)

Infosec Rockstar - this year we will be visited by an Infosec Rockstar, announcements will be made soon.

And finally
Hackers Depot - have tools to showcase? Or just want to know the latest tools-of-trade hackers use, visit the "Hackers Depot" area.

These are the main highlights that will be adding to ROOTCON this year.

RC Media Server
Posted on: 03.27.17

Leechers start your engines, the ROOTCON media server is now live!

Our weekend at the ROOTCON HQ was filled with dumping all the ROOTCON contents into the new media server. We linked our past events directly to the new media server, our front-end media server is intuitive so you can download it with ease.

The relics of the conference is a living proof how our event evolved throughout the years.

Chillout area is back!
Posted on: 03.24.17

Last year we introduced the Chillout area at ROOTCON 10, through-out the conference we consumed up 70 liters of beer, this is just for the chillout area.

What's a hacker conference without a beer? Chillout area is back at ROOTCON 11 this year, and we are boosting up our beer supply, free for RC Blackcard holder and donations for non-blackcard holder.

ROOTCON 11 Registration Details
Posted on: 03.13.17

Registration details for ROOTCON 11 has been revealed.

Earlybird P7,650 (Opens April 1 to May 30)
Regular rate P8,550 (June - Aug)
Group of 5 P7,750 (June - Aug)
Students rate P7,650 (June - Aug)
Late registration P11,550 (September)

2 day conference access w/ lunch buffet + snacks
Free-seating trainings Day 1 & Day 2
Official ROOTCON Badge
and other swags...

Inclusions and prices are subject to change without prior notice.

ROOTCON Blackcard Accepting Registration
Posted on: 03.06.17

What's up hacker fam, we created various ways for you to come and join us for a fun yet mind-whacking hacking conference, and the ROOTCON Blackcard is one of them, the blackcard gives you not only the biggest discount you can get if you register to ROOTCON 11, it is equip with other perks like priority lane during conference check-in, discounts on swags and most of all FREE drinks at the ROOTCON Chill-out area.

Registration is limited time only, to apply click on the link below.

Blackcard will only be accepting registration from March 6 - April 15, 2017.

» Apply Now!

ROOTCON 11 Venue
Posted on: 03.06.17

At ROOTCON we always aim for perfection, aside from our high-caliber tracks the ROOTCON is a critical part of the event, moving from one place to another does not guarantee perfection of the event, so with that said you've noticed that we don't change venue every year, cuz we want it to be perfect before dealing with another logistics problem. With that said ROOTCON this year will be back at Taal Vista Hotel in Tagaytay for ROOTCON11.

Why not Metro Manila? To answer that question, ROOTCON is a fun less formal conference and we want our con-goers to feel like they're just on vacation and having fun while learning.

Aside from the date, we usually announce the venue as early as possible, this is for our con-goers to plan ahead.

Some pro-tips
1. If you are going to ROOTCON on personal expense start saving, scout some hotels, invite some friends for ride and room sharing.

2. If you feel like management will be sending you to ROOTCON get that management approval now! company budget runs-out pretty fast =)

What are you waiting for? Plan your ROOTCON experience now!