Nullcon Goa 2025

March 1-2, 2025 · Goa, India · 26 talks

Nullcon's flagship Goa conference is one of Asia's largest practitioner-driven infosec gatherings, mixing offensive research, mobile/macOS internals, supply-chain and AI/ML threat modeling, hardware hacking, and policy. Goa 2025 ran March 1-2 at BITS Goa with the Daniel Cuthbert keynote and tracks spanning iOS/macOS, BountyCraft, Winja, and Supply Chain.

→ See editor’s top picks at Nullcon Goa 2025

• Securing the chains: Building defensive layers for software supply chains

  In an era defined by interconnected software components, the security of the software supply chain has become a paramount concern for organizations worldwide. This Nullcon talk, "Securing the…

• Large-Scale Exposure Of Orphaned Commits On Major Git Platforms by Kumar Ashwin — Kumar Ashwin

  Ashwin Kumar's Nullcon talk, "Large-Scale Exposure Of Orphaned Commits On Major Git Platforms," sheds critical light on a pervasive yet often overlooked security vulnerability: the persistence of…

• Panel: Modernizing Security Architecture: Platforms or Best-of-Breed, What Works?

  In an insightful panel discussion at Nullcon, moderated by Rahul Neil Money from Information Security Media Group, leading cybersecurity executives delved into one of the most persistent dilemmas…

• Panel | Cyber Fusion Center: The Command Center For Integrated Cyber Defense

  This Nullcon panel discussion, titled "Cyber Fusion Center: The Command Center For Integrated Cyber Defense," delves into the evolving landscape of cybersecurity operations, moving beyond…

• Unlocking India’s cyber potential through policy, innovation, and partnerships

  This Nullcon talk delves into India's strategic vision and ongoing efforts to cultivate a formidable cybersecurity ecosystem. The discussion, presented by a distinguished panel from key government…

• Panel: Tackling Automotive Hardware Vulnerabilities — Dennis

  The "Tackling Automotive Hardware Vulnerabilities" panel at Nullcon delved into the complex and rapidly evolving landscape of security threats facing modern vehicles. Featuring two experts, Dennis…

• Panel: From Code to Defense: Why Developers Are the New Security Leaders — Vabhov

  This Nullcon panel discussion, "From Code to Defense: Why Developers Are the New Security Leaders," delves into the critical and evolving role of software developers in the realm of cybersecurity…

• Breaking Boundaries & Demystifying Kernel SU 4 Root Access In Azure Cloud Shell — Abishek, Wami

  This talk, titled "Colonel Conquest," presented by Wami and Abhishek, delves into the critical security implications of containerized environments, specifically within Microsoft's Azure Cloud Shell…

• Draining Your Credentials From Popular MacOS Password Managers - Wojciech Regula — Wojciech Regula

  Wojciech Regula's Nullcon talk, "Broken Isolation: Draining Your Credentials From Popular MacOS Password Managers," delivers a critical examination of macOS security, aiming to dispel common…

• Trapped By The CLI - William Robinet — William Robinet

  William Robinet's Nullcon talk, "Trapped By The CLI," delves into subtle yet critical vulnerabilities within widely used cryptographic command-line interface (CLI) tools, primarily focusing on…

• Predator Malware: Trust Broken At The Core - Matthias Frielingsdorf — Matthias Frielingsdorf

  This talk by Matthias Frielingsdorf, VP of Research at A-Verify, delves into the sophisticated world of **commercial spyware**, specifically focusing on the evolution and technical intricacies of…

• MacOS Lockdown Mode: A Forensic Deep Dive - Bhargav Rathod — Bhargav Rathod

  Apple's **Lockdown Mode**, introduced in 2022 with iOS 16 and macOS Ventura, represents a significant leap in consumer-grade security, designed to protect high-risk individuals from sophisticated…

• State Of IOS Jailbreaking In 2025 - Lars Fröder — Lars Fröder

  In this insightful talk, Lars Fröder, a prominent security researcher and developer of widely recognized tools like TrollStore and Dopamine, delves into the intricate world of iOS jailbreaking…

• Windows Keylogger Detection: Targeting Past & Present Keylogging Techniques- Asuka — Asuka

  In this insightful Nullcon talk, Asuka Nakajima, a Senior Security Research Engineer at Elastic, delves into the persistent threat of keyloggers on Windows systems. The presentation meticulously…

• How To Teach Threading To A Dolphin - Andras Tevesz — Andras Tevesz

  Andras Tevesz, a security researcher at Kujo AI, presented a fascinating deep dive into the security of **Thread** and **Matter** networks, the foundational protocols for modern Internet of Things…

• Project Dusseldorf: Finding Out-Of-Band Vulnerabilities At Cloud Scale - Michael — Michael

  In this insightful talk from Nullcon, Michael Hendricks, a Principal Security Engineer at Microsoft, unveiled Project Dusseldorf, an internally developed and now open-source tool designed to detect…

• Practical Software Countermeasures 4 Hardware Glitch Attacks- Arshid & Chinmay — Arshid, Chinmay

  In an era where software vulnerabilities often dominate security discussions, the realm of **hardware security** presents a distinct and increasingly critical challenge. This talk, "Practical…

• MLOps Under Attack: Threat Modeling Modern AI Systems - Sandeep Singh — Sandeep Singh

  Sandeep Singh's Nullcon talk, "MLOps Under Attack: Threat Modeling Modern AI Systems," provides a crucial examination of the often-overlooked security landscape surrounding modern Machine Learning…

• Pwning Smart Weighing Machines wt API & Hardware Hacking - Eugene Lim — Eugene Lim

  In this compelling talk, Eugene Lim, known online as "space raccoon," delves into the fascinating world of hacking smart weighing machines. What began as a casual observation in a hotel gym—the…

• What The PHUZZ?! Finding 0-Days In PHP Apps wt Coverage-guided Fuzzing - Sebastian — Sebastian

  This talk, "What The PHUZZ?! Finding 0-Days In PHP Apps wt Coverage-guided Fuzzing," by Sebastian, delves into the development and application of **PHUZZ**, a novel coverage-guided fuzzer…

• Google Give Me Vulnz - Cameron Vincent — Cameron Vincent
• Reversing Large Deep Learning AI Models - Yashodhan Vivek Mandke — Yashodhan Vivek Mandke

  In this insightful Nullcon talk, Yashodhan Vivek Mandke delves into the critical, yet often overlooked, domain of **reversing deep learning (DL) models**. While the current discourse in AI security…

• Your Identity Is Mine: Techniques & Insights From OS Identity Providers Research — Paul

  In this compelling Nullcon presentation, "Your Identity Is Mine: Techniques & Insights From OS Identity Providers Research," Aul, a vulnerability researcher at Cyber clubs, unveils critical security…

• The Hidden ART Of Rolling Shellcode Decryption - Tijme Gommers — Tijme Gommers

  This talk, "The Hidden ART Of Rolling Shellcode Decryption," presented by Tijme Gommers, delves into advanced techniques for loading shellcode into memory while actively evading detection by modern…

• How Ecovacs Robots Got Hacked And What We Can Learn From It - Dennis Giese — Dennis Giese

  In this insightful talk at Nullcon, security researcher Dennis Giese, known for his extensive work in wireless and embedded security, detailed a seven-year journey into uncovering critical…

• Fueling The Future: Building Robust Engines - Daniel Cuthbert (Keynote) — Daniel Cuthbert

  In his compelling Nullcon keynote, "Fueling The Future: Building Robust Engines," Daniel Cuthbert challenges the cybersecurity industry to fundamentally rethink its approach, advocating for a shift…