Nullcon Goa 2025
Nullcon's flagship Goa conference is one of Asia's largest practitioner-driven infosec gatherings, mixing offensive research, mobile/macOS internals, supply-chain and AI/ML threat modeling, hardware hacking, and policy. Goa 2025 ran March 1-2 at BITS Goa with the Daniel Cuthbert keynote and tracks spanning iOS/macOS, BountyCraft, Winja, and Supply Chain.
→ See editor’s top picks at Nullcon Goa 2025
- Securing the chains: Building defensive layers for software supply chains
In an era defined by interconnected software components, the security of the software supply chain has become a paramount concern for organizations worldwide. This Nullcon talk, "Securing the…
- Large-Scale Exposure Of Orphaned Commits On Major Git Platforms by Kumar Ashwin
Ashwin Kumar's Nullcon talk, "Large-Scale Exposure Of Orphaned Commits On Major Git Platforms," sheds critical light on a pervasive yet often overlooked security vulnerability: the persistence of…
- Panel: Modernizing Security Architecture: Platforms or Best-of-Breed, What Works?
In an insightful panel discussion at Nullcon, moderated by Rahul Neil Money from Information Security Media Group, leading cybersecurity executives delved into one of the most persistent dilemmas…
- Panel | Cyber Fusion Center: The Command Center For Integrated Cyber Defense
This Nullcon panel discussion, titled "Cyber Fusion Center: The Command Center For Integrated Cyber Defense," delves into the evolving landscape of cybersecurity operations, moving beyond…
- Unlocking India’s cyber potential through policy, innovation, and partnerships
This Nullcon talk delves into India's strategic vision and ongoing efforts to cultivate a formidable cybersecurity ecosystem. The discussion, presented by a distinguished panel from key government…
- Panel: Tackling Automotive Hardware Vulnerabilities
The "Tackling Automotive Hardware Vulnerabilities" panel at Nullcon delved into the complex and rapidly evolving landscape of security threats facing modern vehicles. Featuring two experts, Dennis…
- Panel: From Code to Defense: Why Developers Are the New Security Leaders
This Nullcon panel discussion, "From Code to Defense: Why Developers Are the New Security Leaders," delves into the critical and evolving role of software developers in the realm of cybersecurity…
- Breaking Boundaries & Demystifying Kernel SU 4 Root Access In Azure Cloud Shell
This talk, titled "Colonel Conquest," presented by Wami and Abhishek, delves into the critical security implications of containerized environments, specifically within Microsoft's Azure Cloud Shell…
- Draining Your Credentials From Popular MacOS Password Managers - Wojciech Regula
Wojciech Regula's Nullcon talk, "Broken Isolation: Draining Your Credentials From Popular MacOS Password Managers," delivers a critical examination of macOS security, aiming to dispel common…
- Trapped By The CLI - William Robinet
William Robinet's Nullcon talk, "Trapped By The CLI," delves into subtle yet critical vulnerabilities within widely used cryptographic command-line interface (CLI) tools, primarily focusing on…
- Predator Malware: Trust Broken At The Core - Matthias Frielingsdorf
This talk by Matthias Frielingsdorf, VP of Research at A-Verify, delves into the sophisticated world of **commercial spyware**, specifically focusing on the evolution and technical intricacies of…
- MacOS Lockdown Mode: A Forensic Deep Dive - Bhargav Rathod
Apple's **Lockdown Mode**, introduced in 2022 with iOS 16 and macOS Ventura, represents a significant leap in consumer-grade security, designed to protect high-risk individuals from sophisticated…
- State Of IOS Jailbreaking In 2025 - Lars Fröder
In this insightful talk, Lars Fröder, a prominent security researcher and developer of widely recognized tools like TrollStore and Dopamine, delves into the intricate world of iOS jailbreaking…
- Windows Keylogger Detection: Targeting Past & Present Keylogging Techniques- Asuka
In this insightful Nullcon talk, Asuka Nakajima, a Senior Security Research Engineer at Elastic, delves into the persistent threat of keyloggers on Windows systems. The presentation meticulously…
- How To Teach Threading To A Dolphin - Andras Tevesz
Andras Tevesz, a security researcher at Kujo AI, presented a fascinating deep dive into the security of **Thread** and **Matter** networks, the foundational protocols for modern Internet of Things…
- Project Dusseldorf: Finding Out-Of-Band Vulnerabilities At Cloud Scale - Michael
In this insightful talk from Nullcon, Michael Hendricks, a Principal Security Engineer at Microsoft, unveiled Project Dusseldorf, an internally developed and now open-source tool designed to detect…
- Practical Software Countermeasures 4 Hardware Glitch Attacks- Arshid & Chinmay
In an era where software vulnerabilities often dominate security discussions, the realm of **hardware security** presents a distinct and increasingly critical challenge. This talk, "Practical…
- MLOps Under Attack: Threat Modeling Modern AI Systems - Sandeep Singh
Sandeep Singh's Nullcon talk, "MLOps Under Attack: Threat Modeling Modern AI Systems," provides a crucial examination of the often-overlooked security landscape surrounding modern Machine Learning…
- Pwning Smart Weighing Machines wt API & Hardware Hacking - Eugene Lim
In this compelling talk, Eugene Lim, known online as "space raccoon," delves into the fascinating world of hacking smart weighing machines. What began as a casual observation in a hotel gym—the…
- What The PHUZZ?! Finding 0-Days In PHP Apps wt Coverage-guided Fuzzing - Sebastian
This talk, "What The PHUZZ?! Finding 0-Days In PHP Apps wt Coverage-guided Fuzzing," by Sebastian, delves into the development and application of **PHUZZ**, a novel coverage-guided fuzzer…
- Google Give Me Vulnz - Cameron Vincent
- Reversing Large Deep Learning AI Models - Yashodhan Vivek Mandke
In this insightful Nullcon talk, Yashodhan Vivek Mandke delves into the critical, yet often overlooked, domain of **reversing deep learning (DL) models**. While the current discourse in AI security…
- Your Identity Is Mine: Techniques & Insights From OS Identity Providers Research
In this compelling Nullcon presentation, "Your Identity Is Mine: Techniques & Insights From OS Identity Providers Research," Aul, a vulnerability researcher at Cyber clubs, unveils critical security…
- The Hidden ART Of Rolling Shellcode Decryption - Tijme Gommers
This talk, "The Hidden ART Of Rolling Shellcode Decryption," presented by Tijme Gommers, delves into advanced techniques for loading shellcode into memory while actively evading detection by modern…
- How Ecovacs Robots Got Hacked And What We Can Learn From It - Dennis Giese
In this insightful talk at Nullcon, security researcher Dennis Giese, known for his extensive work in wireless and embedded security, detailed a seven-year journey into uncovering critical…
- Fueling The Future: Building Robust Engines - Daniel Cuthbert (Keynote)
In his compelling Nullcon keynote, "Fueling The Future: Building Robust Engines," Daniel Cuthbert challenges the cybersecurity industry to fundamentally rethink its approach, advocating for a shift…