Best Talks at REcon 2025

1. 1

   QuickShell: Sharing is caring about an RCE attack chain on Quick Share

   Or Yair

   Google's Quick Share — the AirDrop equivalent for Android and Windows — turned out to harbor a chain of vulnerabilities serious enough to achieve unauthenticated remote code execution on a victim's Wi

   0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★
2. 2

   A Trip to Ancient BABYLON: Unearthing a 2017 Pegasus Persistence Exploit

   Bill Marczak, Daniel Roethlisberger

   In mid-2024, Citizen Lab researchers Bill Marczak and Daniel Roethlisberger stumbled onto something unusual on VirusTotal: an old sample of NSO Group's Pegasus spyware, calibrated to a specific victim

   0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★
3. 3

   Abusing Domestic EV Chargers through Bluetooth and USB

   Riccardo Mori, Robin David

   Electric vehicle (EV) adoption surged 25% worldwide in 2024, but the charging infrastructure expanding alongside it has not kept pace with basic security expectations. At REcon 2025, Quarkslab researc

   0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway STRONG ACCEPT ★★★★☆
4. 4

   Call, Crash, Repeat: Hacking WhatsApp

   Luke McLaren

   With roughly two billion active users worldwide, WhatsApp is the most widely deployed end-to-end encrypted messaging platform on Earth. Its ubiquity makes it both an attractive target for adversaries

   0 Dr. Zero STRONG ACCEPT ★★★★☆ H Heather Calloway SOLID ★★★☆☆
5. 5

   Reverse Engineering Patch Tuesday

   John McIntosh

   Every month, Microsoft releases a batch of security updates on Patch Tuesday — and every month, the security community is left squinting at a list of CVE identifiers with partial, incomplete, or entir

   0 Dr. Zero STRONG ACCEPT ★★★★☆ H Heather Calloway SOLID ★★★☆☆

View all talks at REcon 2025 →