Where the shells land: a forensic perspective on in-the-wild exploitation
Donncha Ó Cearbhaill
Hexacon 2025 · Day 2 · Main Stage
Donncha Ó Cearbhaill, head of the Security Lab at Amnesty International, delivered the closing keynote at Hexacon, offering a crucial defender's perspective on the offensive cybersecurity industry. His talk, "Where the shells land," delves into the real-world impact of sophisticated surveillance tools and exploits when they are abused against activists, journalists, and opposition politicians globally. Ó Cearbhaill underscored that while the technical brilliance of exploit developers is undeniable, the downstream misuse of these capabilities poses a severe threat to human rights and democratic institutions.
AI review
Donncha Ó Cearbhaill delivers something increasingly rare at offensive security conferences: a talk grounded in real forensic casework that forces the technical community to confront where their craft actually lands. The Serbia case studies alone — Celebrite-chained Qualcomm ADSP RPC driver exploitation, multi-stage emulated USB device attacks tracing through HID, UVC, and XCG driver vulnerabilities — are genuine technical contributions, not recycled awareness talking points. This isn't a human rights lecture dressed up with screenshots; it's forensic reverse engineering of in-the-wild…