Best Talks at REcon 2025
Hand-picked from in-depth reviewer verdicts. View all talks at REcon 2025 →
- 1. QuickShell: Sharing is caring about an RCE attack chain on Quick Share — Or Yair
Google's Quick Share — the AirDrop equivalent for Android and Windows — turned out to harbor a chain of vulnerabilities serious enough to achieve unauthenticated remote code execution on a victim's Wi
- 2. A Trip to Ancient BABYLON: Unearthing a 2017 Pegasus Persistence Exploit — Bill Marczak, Daniel Roethlisberger
In mid-2024, Citizen Lab researchers Bill Marczak and Daniel Roethlisberger stumbled onto something unusual on VirusTotal: an old sample of NSO Group's Pegasus spyware, calibrated to a specific victim
- 3. Abusing Domestic EV Chargers through Bluetooth and USB — Riccardo Mori, Robin David
Electric vehicle (EV) adoption surged 25% worldwide in 2024, but the charging infrastructure expanding alongside it has not kept pace with basic security expectations. At REcon 2025, Quarkslab researc
- 4. Call, Crash, Repeat: Hacking WhatsApp — Luke McLaren
With roughly two billion active users worldwide, WhatsApp is the most widely deployed end-to-end encrypted messaging platform on Earth. Its ubiquity makes it both an attractive target for adversaries
- 5. Reverse Engineering Patch Tuesday — John McIntosh
Every month, Microsoft releases a batch of security updates on Patch Tuesday — and every month, the security community is left squinting at a list of CVE identifiers with partial, incomplete, or entir