ROOTCON 11 Venue

6.3.17 Posted by: ROOTCON

This years ROOTCON 11 will be held at Taal Vista Hotel in Tagaytay on September 21-22, 2017. We announced the venue as early as now so you can plan ahead for another awesome conference experience.

Some pro-tips 

1. If you are going to ROOTCON on personal expense start saving, scout some hotels, invite some friends for ride and room sharing.

2. If you feel like management will be sending you to ROOTCON get that management approval now! company budget runs-out pretty fast =) 

What are you waiting for? Plan your ROOTCON experience now! 

ROOTCON 10 Capture The Flag Statistics

6.10.16 Posted by: ROOTCON

During ROOTCON 10, we introduced a new dedicated track for our Capture The Flag, with the comfortable CTF tables and chairs the game was well participated and was enjoyed by most of the players, not just the players enjoyed the game but as well as the spectators passing by. With the Chill-out track near by the CTF area you'll be tempted to Hack All The Drinks and Drink All The Booze.

Kudos to The Illuminated Beings for coming up with a very awesome challenges.

Here are the Statistics.

13 teams registered
304 wrong keys submitted
101 right keys submitted
30 challenges
Most solved: Trivia 3 with 9 solves
Least solved: Exploitation 1 with 0 solves

Congratulations to the following

1st place: Team Harambae
2nd place: Handshake Junior
3rd place: Hack Ganern
4th place: FlySolo
5th place: Team2Busan

We will be creating a repo on Github for the write-ups soon.

Thank you from semprix

1.10.16 Posted by: ROOTCON

In-behalf of the goons and volunteers of ROOTCON I would like to personally say THANK YOU!

This years conference was an epic one.

The topics delivered were highly technical and we thank our speakers for that! The trainings were jam-packed, we are looking into expanding our trainings with different cutting-edge topics by next year. The games were well participated, receiving feedbacks that they enjoyed our Capture The Flag this year makes us to do more of it. The newly introduced Semprix’ Mysterybox didn’t gain much players, maybe it was too difficult I will try to adjust the difficulty next year.

With the newly introduced multiple tracks, the Capture The Flag had it’s dedicated area so players can focus more on the game with comfortable table and seats. The chill-out area was another best decision we had, through out the two day conference we consumed 70 liters of beer, awesome right?

The post-con party was pretty epic as well! We consumed 20 bottles of hard-drinks from Jack Daniels, Bacardi, to Mojito, 120 bottles of beer were served not to mention Smirnoff Mule sponsored us 400 bottles!

Right after the conference the goons were already brain-storming what more cool stuffs we can add to next year. Here are some stuffs to watch-out for next year.
1. We will introduce Fort ROOTCON, an area around the conference were tools and exploits have demos.
2. Hacker Jeopardy will be rescheduled for everyone to be able to attend.
3. Day 1 party and movie night will be held at the conference hall.
4. Capture the Flag will be extended from 10:00am to 11:00pm in-conjunction with the day 1 party and movie night.

Some pre-con activities we are brewing up.
1. Campus tour with student Capture The Flag.
2. Hackerspace in January
3. ROOTCON Kids will be introduced as mini-event around the month of May.

ROOTCON will continue to serve the hacking community specially in the Philippines, where hackers, geeks, pros will meet old and new friends, enjoy and of course learn from each other. With that said it wouldn't be possible without our awesome attendees, you rock!

Again I would like to say THANK YOU SO MUCH!

All the best,

Thank You Sponsors for Making ROOTCON X Awesome!

1.10.16 Posted by: ROOTCON


These sponsors are genuine sponsors who supports the Information Security and Hacking community in the Philippines. ROOTCON won't be as awesome without these supporters.

Elite + ROOTCON Official Badge sponsor

Elite + ROOTCON Official t-shirt sponsor

Elite Sponsor

Platinum + ROOTCON Post-con Party Sponsor

Gold Sponsor

Gold Sponsor

Day Zero Party Sponsor

Post-con drinks sponsor

With that said, ROOTCON would like to say THANK YOU!


Drink All the Booze and Hack all The Things on ROOTCON Parties

3.9.16 Posted by: ROOTCON

Yes you read the title right! You can drink all the booze and hack all the things because we have parties, not just once but thrice. w00t!

Here is the official schedule:

Day 0 (September 21, 2016) - BugCrowd Night Of Drinks - 7:00PM - 11:00pm
Day 1 (September 22, 2016) - Netsuite Security Hype Party - 7:00pm - 11:00pm 
Day 2 (September 23, 2016) - ROOTCON Post-con Party - 6:00pm - til you drop

Unleashing the Immune System: How to Boost Your Security Hygiene

2.9.16 Posted by: ROOTCON

This is an original article we received from Christian Falco of IBM Security and that ROOTCON is glad to publish it because IBM has helped us in making ROOTCON X happen:

Over the years, companies have responded to threats by backing up the security tool truck and unloading it onto their IT environments. An expanding security arsenal of fragmented, disconnected point products and perimeter solutions can add complexity without vastly improving the organization’s overall security posture.

The burgeoning infrastructure makes it more difficult to monitor the whole network, to the point where security teams are operating in the dark. As each tool is added, costs associated with installing, configuring, managing, upgrading and patching continue to scale. Not to mention the skills gap plaguing the industry, where the expertise needed to manage and keep up with the latest threats isn’t always available.

More threats, more vendors and more tools make for more headaches.

The Immune System Approach

To see through the chaos, enterprises should approach security like an immune system. Rather than a jumbled set of tools and capabilities, picture an integrated framework of key security capabilities.

At the core of this structure is security intelligence and analytics. This serves as the key piece, ingesting security data across an IT environment (e.g., logs, flows, incidents, events, packets and anomalies) as well as information beyond the enterprise (e.g., blogs, research and websites) to understand threats and take action.

This action mimics the body’s immune response. When exposed to a cold or flu, your body’s integrated network of cells and organs transmits vital information through the nervous system to help pinpoint the virus, disrupt it with antibodies and normalize the body.

Similarly, a healthy security infrastructure uses its own network of integrated security capabilities to intelligently detect the symptoms of a cyberattack — a breach on the network, an abnormal login on a high-value server, rogue cloud app usage, whatever it may be — and respond appropriately.

An integrated and intelligent approach to security

With analytics at the core, integrated capabilities deliver a level of visibility and defense that no single security solution can provide on its own.

Strength in Integration

Attackers continue to break through conventionally siloed safeguards using techniques that impact the entire IT environment. Consider two of today’s biggest issues: advanced threats and insider threats. Yesterday’s perimeter solutions are no match for the sophistication of these threats.

An integrated threat protection system requires strong network protection, endpoint management and security, data activity monitoring and incident response to fully disrupt and respond to an attack. The system continuously consumes threat intelligence to understand the latest attack vectors. Insider threats are responsible for many of today’s high-profile cybersecurity incidents. To mitigate this risk, enterprises need strong identity controls, which in turn should be integrated with data monitoring and security intelligence that analyzes user behavior to alert, confirm or prevent unauthorized access to sensitive data sources.

In a world where multifaceted threats necessitate integrated solutions, adding more disconnected tools is simply not enough. These fragmented products and services are expensive, complex and cannot fully solve today’s challenges.

Companies are taking a strategic approach to upgrading their defenses. We’re seeing a major shift in demand for platforms that offer integrated, intelligent security solutions backed by a collaborative, extensive partner ecosystem. Boost your security hygiene with a healthy immune system approach. 


Introducing the ROOTCON X Sponsors

19.8.16 Posted by: ROOTCON

ROOTCON X wouldn't be kicked off if it wasn't for the sponsors. We salute these companies for caring about the InfoSec community in the Philippines:

Trustwave Holdings is an information security company that provides on demand threat, vulnerability and compliance management services and technologies for more than 3 million business customers in 96 countries. The company also operates Security Operations Centers in Chicago, Denver, Manilla, Minneapolis, Singapore, Warszawa, and Kitchener-Waterloo in Canada. Trustwave is a standalone business unit and core cyber security brand of Singtel Group Enterprise.

Netsuite is an American software company based in San Mateo, California, that sells a group of software services used to manage a business's operations and customer relations. Customers access these services over the internet paying a periodic subscription fee. Netsuite | Security provides a host of advanced functionality to secure the application including role-based access, strong encryption, robust password policies and more. NetSuite adds further layers of security such as application-only access and restricting access to only certain IP addresses to provide complete confidence and peace of mind.

Handshake Networking Ltd is a Hong Kong base information security testing company that focuses on PCI ASV scanning, a penetration test, and vulnerability assessment. Their two founders have pwned most of the ROOTCON CTF's.

IBM’s security platform provides the security intelligence to help organizations holistically protect their people, data, applications and infrastructure. IBM offers solutions for identity and access management, security information and event management, database security, application development, risk management, endpoint management, next-generation intrusion protection and more. IBM operates one of the world’s broadest security research and development, and delivery organizations. For more information, please visit, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.

Swarmnetics is a crowdsourced cyber security company that was founded in 2015. They harness he power of the global expert crowd to deliver security testing services to help customers identify security weaknesses in their environment. Customers get access to global expertise and pay only for results. Instead of relying on a single or small team of penetration testers from a traditional vendor, you will benefit from increased coverage and diversity of assessments performed by engaging the Swarm.