44CON 2025

September 17-19, 2025 · London, UK · 13 talks

The UK's premier security conference. Original offensive and defensive research, policy discussions, and the best practitioner talks in the European security scene — no vendor theater.

→ See editor’s top picks at 44CON 2025

• Beau Woods - Embracing Cyber Policy — Beau Woods

  Woods argues that security practitioners must engage with policy — the rules governing the field are written by people who need our expertise.

• A Brief Intro to Cyber Policy — Jen Ellis

  Ellis introduces cyber policy mechanics for technical practitioners and explains why engagement is both accessible and necessary.

• Bring Your Own Binaries – Train Your Own Graph Neural Network for Binary Function Search — Will Lyn

  Will Lyn, Head of Cyber Intelligence at the UK's National Crime Agency (NCA), delivered a candid operational briefing on how law enforcement is evolving its doctrine to combat the ransomware ecosystem

• bin2ml: Turning Software Binaries into Machine Learning Ready Training Data — Josh Collyer

  Machine learning applied to binary analysis is a field drowning in interesting ideas and starved for good training data. Papers proposing neural network approaches to tasks like function similarity se

• Reverse Engineering Patch Tuesday — John McIntosh

  Every second Tuesday of every month, Microsoft releases a security update package containing patches for dozens — sometimes over a hundred — CVEs. The Microsoft Security Response Center (MSRC) publish

• Threat Hunting in the Browser — Luke Jennings

  The threat landscape has shifted decisively: identity attacks now account for the majority of breaches, attacks often bypass endpoints entirely, and the browser has become the primary battleground bet

• Simple Machine Learning Techniques for Binary Diffing (in Diaphora) — Joxean Koret

  Binary diffing—the process of finding matching functions between two binaries—is a fundamental technique in vulnerability research, patch diffing, malware family tracking, and reverse engineering. Dia

• Unprivileged Containers: Shaving Yaks To Get the Toothpaste Back In the Tube — Matt Carroll

  When Yelp's internal security team discovered that any developer on a shared development machine could trivially escalate to root — courtesy of privileged Docker sockets — the obvious answer was "just

• Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own — Alex Plaskett, McCaulay Hudson

  Electric vehicle charging infrastructure is proliferating rapidly — the UK alone is targeting 300,000 public charging points by 2030 — and the security of these devices is, to put it mildly, not keepi

• HL7Magic: Medical Data Hacking Made Easy — Katie Inns

  The healthcare industry is one of the most frequently targeted sectors for cyberattacks, yet security research into healthcare-specific protocols has historically been scarce and taboo. At 44CON 2025,

• Two Fat Men, One Filesystem — Signedness

  NFS (Network File System) version 2 and 3 are older than most of the people attacking them, and yet they remain deployed across internal enterprise networks, embedded devices, and — perplexingly — tho

• Unveiling the Ghosts of Mobile Networks: When Will Old Bugs Die? — Dr. Altaf Shaik

  Mobile network security bugs do not die when they are patched—they resurface in newer generations, migrate to related products, or persist unaddressed in deployed infrastructure for years. In this 44C

• Fooling Experts and Judges – Digital Evidence turns into Digital Evil Dance — Eric Filiol

  Digital evidence — metadata, erased data, and encrypted files — is increasingly treated as near-infallible proof in criminal and civil proceedings. Judges and forensic experts, particularly those with