Hexacon 2025
Offensive security conference in Paris featuring heavy-hitting technical research on exploit development, kernel vulnerabilities, hardware attacks, and in-the-wild exploitation.
→ See editor’s top picks at Hexacon 2025
- Opening Keynote — Ivan Krstić
In this Hexacon keynote, Ivan Krstić, Head of Security Engineering and Architecture at Apple, presented a compelling vision for the future of security, arguing that the field is experiencing an…
- Exploiting the Undefined: PWNing Firefox by Settling its Promises — Tao Yan, Edouard Bochin
This talk, presented by Tao Yan and Edouard Bochin from Palo Alto Networks, delves into a sophisticated exploitation chain targeting a long-standing vulnerability in the Firefox JavaScript engine…
- From 2-Bit Reset to 0-Click RCE in Redis: A Pwn2Own Edition — Benny Isaacs
In a groundbreaking presentation at Hexacon, Benny Isaacs, a Senior Security Researcher at Wiz, detailed a complex **zero-click Remote Code Execution (RCE)** vulnerability discovered and exploited…
- Arise from the Wireless: Breaking the Security Barrier in Wi-Fi — Wei-Che Kao
In this comprehensive security study presented at Hexacon, Wei-Che Kao, a security researcher from DEVCORE, delved into the often-overlooked security landscape of MediaTek Wi-Fi chips. The talk…
- Crash One - A StarBucks Story (CVE-2025-24277) — Csaba Fitzl, Gergely Kalman
This talk, "Crash One - A Starbucks Story," presented by Csaba Fitzl and Gergely Kalman, delves into a critical vulnerability (CVE-2025-24277) they uncovered in macOS. The presentation meticulously…
- Breaking the Vault: USB Bugs and Bug Bounty Failures — Sergei Volokitin
In this insightful Hexacon talk, independent security researcher Sergei Volokitin, known as Hexplot, delves into the critical vulnerabilities he uncovered in the Cypherock X1 hardware wallet, a…
- Déjà Vu in Linux io_uring: Breaking Memory Sharing Again After Generations of Fixes — Chih-Yen Chang
This talk, presented by Chih-Yen Chang, also known as Pumpkin, from DEVCORE, delves into a critical race condition he discovered within the Linux kernel's **io_uring** subsystem, identified as…
- Inside Apple Secure Enclave Processor in 2025 — Quentin Salingue
- ReVault! Compromised by your Secure SoC — Philippe Laulheret
In this Hexacon presentation, Philippe Laulheret, a Senior Vulnerability Researcher at Cisco Talos, unveiled a series of critical vulnerabilities affecting Dell's **ControlVault 3** and…
- Korean Rookie Hackers' Journey: Road to Pwn2Own with a VirtualBox Exploit — Han-seo Kim
This talk, presented by Han-seo Kim, details the remarkable journey of young Korean hackers, specifically Team PrisonBreak, from foundational cybersecurity education to achieving a significant…
- NTLM reflection is dead, long live NTLM reflection: Story of an accidental Windows RCE — Wilfried Bécard
This talk, presented by Wilfried Bécard of Synacktiv, delves into the accidental discovery and intricate mechanics of a novel Windows remote code execution (RCE) vulnerability, initially…
- An RbTree Family Drama: Exploiting a Linux Kernel 0-day Through Red-Black Tree Transformations — William Liu, Savino Dicanosa
In this Hexacon talk, security researchers William Liu of NVIDIA and Savino Dicanosa, an independent researcher, unveiled a sophisticated Linux kernel zero-day exploit, dubbed "An RbTree Family…
- Paint it Blue: Attacking the Bluetooth stack — Mehdi Talbi, Etienne Helluy-Lafont
This talk, "Paint it Blue: Attacking the Bluetooth stack," presented by Mehdi Talbi and Etienne Helluy-Lafont from Synacktiv, details a sophisticated exploitation chain targeting a critical heap…
- CUDA de Grâce: Owning AI Cloud Infrastructure with GPU exploits — Valentina Palmiotti, Samuel Lovejoy
In an era defined by the explosive growth of Artificial Intelligence (AI) and Machine Learning (ML), the underlying compute infrastructure, particularly Graphics Processing Units (GPUs), has become…
- Where the shells land: a forensic perspective on in-the-wild exploitation — Donncha Ó Cearbhaill
Donncha Ó Cearbhaill, head of the Security Lab at Amnesty International, delivered the closing keynote at Hexacon, offering a crucial defender's perspective on the offensive cybersecurity industry…