Editor's Picks

Best Talks at OffensiveCon 2025

Hand-picked from in-depth reviewer verdicts — the top 6 talks from this conference. Skip the noise, find the signal.

  1. Entrysign: Create Your Own x86 Microcode for Fun and Profit

    Matteo Rizzo, Kristoffer "spq" Janke, Eduardo Vela Nava, Josh Eads

    A Google security team discovered **EntrySign**, a cryptographic flaw in AMD's microcode patch signing scheme affecting every AMD CPU from Zen 1 through Zen 5: the signature algorithm uses AES-128 CMAC with a hardcoded key, a construction whose compression function is…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: STRONG ACCEPT ★★★★☆
  2. Finding and Exploiting 20-Year-Old Bugs in Web Browsers

    Ivan Fratric

    Ivan Fratric of Google Project Zero audited the XSLT processing engines embedded in all major web browsers and discovered multiple use-after-free and memory corruption vulnerabilities, some dating back over 20 years — predating Firefox 1.0. The root cause across most findings…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: SOLID ★★★☆☆
  3. Android In-The-Wild: Unexpectedly Excavating a Kernel Exploit

    Seth Jenkins

    Starting from nothing but a set of kernel panic logs recovered from a Serbian activist's phone — logs that implicated Cellebrite's UFED tool and the Qualcomm ADSPRPC driver — Google Project Zero researcher Seth Jenkins found five new vulnerabilities in the driver over two and a…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
  4. Chainspotting 2: The Unofficial Sequel to the 2018 Talk "Chainspotting"

    Ken Gannon

    Ken Gannon was the sole phone entrant at Pwn2Own Ireland 2024 and successfully compromised the Samsung Galaxy S24 using an unbroken chain of five logic bugs — zero memory corruption required. Starting from a browsable intent vulnerability in Samsung Gaming Hub (version…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
  5. How Offensive Security Made Me Better at Defense

    Dino Dai Zovi

    In the closing keynote of OffensiveCon 2025, Dino Dai Zovi — veteran of Pwn2Own, Defcon CTF, and co-author of multiple security books — argues that deep offensive expertise is not just complementary to defense work but a prerequisite for building effective security engineering…

    Dr. Zero: SOLID ★★★☆☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
  6. Attacking Browsers via WebGPU

    Lukas Bernhard

    Lukas Bernhard built a grammar-based fuzzer for WebGPU's shading language (WGSL) and aimed it at the shader compilers lurking inside Chrome's GPU process — components never designed to withstand adversarial inputs. The campaign turned up 21 bugs across Windows's DirectX Shader…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆