Thursday, July 30, 2015

ROOTCON officially launches ROOTCON Campus Tour

import rootcon
rootcon.print("Hello University Students!")

Ahem! Yes, ROOTCON in partnership with with De La Salle University - College of Computer Studies officially launches ROOTCON Campus Tour and the great thing about this event is that it is 100% Free.

ROOTCON Campus Tour is the first ever inter-university Capture the Flag (CTF) and infosec gathering for university students that aims to bring the ambience of the premier hacking conference in the Philippines, ROOTCON. The event is 100% FREE and covers topics like Information Security 101, Information Security Career 101, Introduction to Hacking, Exploit Development, Malware Analysis, Debugging, etc. 

The Capture the Flag event is the main highlight of this event wherein the champion could secure a FREE pass to ROOTCON 9. 

ROOTCON Campus Tour's CTF is not your ordinary hackathon or codefest because it is really an inter-university hacker cup that has intermediate to advance challenges like reverse engineering, return oriented programming, packet sniffing, debugging, web exploits, and many more to mention. 

ROOTCON Campus Tour wouldn't be a reality without the help of Isaac Sabas of Pandora Security Labs and De La Salle University - College of Computer Studies. Thank you for the help and we totally salute you guys!

You don't wanna miss this event! Stay tuned for more updates @
Read More

Saturday, July 25, 2015

ROOTCON 9 Speakers Lineup: Yes 1337 Speakers Are Here

Still doubtful that we are the premier hacking conference in the Philippines? Then check out our awesome lineup of speakers plus the 1337ness:

Carlos Tingson

Carlos Tingson is currently a student pursuing an MSc in Information Security here at the Information Security Group, Royal Holloway University of London under a British Chevening Scholarship. He specialized in Cyber Security and Cyber Crime. Carlos Tingson is an Army Captain by profession, his latest assignment is with the Presidential Security Group, based in Malacanang Park, Manila. he previously served with the Army's Special Operations Command and the 2nd Infantry Division. He graduated from the Philippine Military Academy with a degree in Information Systems. He also hold a Postgraduate Diploma in Research and Development Management from the University of the Philippines. A Certified Ethical Hacker (v. 7), Computer Hacking Forensics Investigator (v. 8), and EC-Council Certified Security Analyst. Carlos Tingson have been a regular Rootcon attendee since RC6. Not a pirate, Not a ninja, but had his fair share of ass kicking.

Christopher Elisan

Christopher Elisan is a seasoned reverse engineer and malware researcher. He is currently the Principal Malware Scientist at RSA. He has a long history of digital threat and malware expertise, reversing, research and product development. He started his career at Trend Micro as one of the pioneers of TrendLabs. This is where he honed his skills in malware reversing. After Trend Micro, he built and established F-Secure's Asia R&D where he spearheaded multiple projects that include vulnerability discovery, web security, and mobile security. After F-Secure, he joined Damballa as their resident malware subject matter expert and reverse engineer. Aside from speaking at various conferences around the world, he frequently provides expert opinion about malware, botnets and advance persistent threats for leading industry and mainstream publications. Christopher Elisan is also a published author. He authored "Advanced Malware Analysis" and "Malware, Rootkits and Botnets." He co-authored "Hacking Exposed: Malware and Rootkits." All books are published by McGraw-Hill. 

Jason Haddix

Jason is the Director of Technical Operations at Bugcrowd. Jason trains and works with internal analysts to triage and validate hardcore vulnerabilities in mobile, web, and IoT applications/devices. He also works with Bugcrowd to improve the security industries relations with the researchers. Jason’s interests and areas of expertise include mobile penetration testing, black box web application auditing, network/infrastructural security assessments, cursory mainframe security analysis, cloud architecture reviews, wireless network assessment, binary reverse engineering, and static analysis. He is also a frequent player on the Shellphish CTF team. Jason lives in Santa Barbara with his wife and two children. 


JIM is not just one entity. As much as we want to introduce them to you guys, I'm sorry but for now they are marked as CLASSIFIED and shouldn't be disclosed yet. All we know is that ninjas p4wn teh n1gh7.

John Menerick

John works on Security at NetSuite. John’s interests include cracking clouds, modeling complex systems, developing massive software-defined infrastructures, and is the outlier in your risk model.

Jose Ramon Palanco 

Jose Ramon Palanco is currently CTO of Drainware, Inc., a security company with offices in U.S and Spain: Palo Alto (California) and Madrid. In the past he has worked at Deloitte CyberSOC, managing incidents response (Tier 3). He studied Telecommunications Engineering at the University of Alcala de Henares and Master of IT Governance at the University of Deusto. He has been speaker at OWASP, ROOTEDCON and MALCON. 

Lu Zhao

Lu Zhao got his Ph.D. in Computer Science with specialties in trusted computing, abstract interpretation, formal verification and program logic. He worked in designing and developing static analyzers for security at HP Fortify for three years, during which he gave talks about analyzing programs to find vulnerabilities in conferences and filed two patents in the security analysis area. He is now a principal application security engineer at NetSuite Inc. His primary job is building security features for NetSuite cloud services including securing data accesses, eliminating vulnerabilities, and preventing attacks. He also works on security reviews and automated security testing. He has a wide range of interests in computing, including security, programming languages, abstract interpretation, program analysis, formal verification, and automated constraint solving. 

Markku Kero

Currently Markku Kero is the CEO of Eqela and Job and Esther Technologies. He also serves as Chief Software Architect for both companies. Over the last 15 years, Markku has been the driving force behind some of the most compelling technologies that have consistently been ahead of their time, overseeing the implementation of a 2G-compatible mobile voice over IP technology implementation, a mobile messaging system unifying email, SMS and instant messaging, a multi-device operating system and now automated programming language translation technology. He has founded and managed several companies in this field, previously Inceptions, Inc. and Kolipri Communications, currently Job and Esther Technologies and Eqela. 

Mon Nunez

Mon has more than more than 14 years experience in network management and security, specializing in computer security, large-scale network deployment, system administration, and network forensics. He has been a consultant to international organizations such as WHO and NEC, is the Co-Head Security Architect of DOST-ICTO for the Integrated Government Project (iGov), the Network Infrastructure and Security Consultant of the UP Computer Center, and is currently the Director for Security at Chikka Philippines. 

A member of Team Manila, Mon, with Paul Prantilla, has competed in the DEFCON 22 in Las Vegas this 2014. The team participated in multiple contests achieving 4th out of 264 teams for the Network Forensics Puzzle Contest (NFPC), and also 4th at the Capture the Packet Contest (CTP) championship round. They also competed in the 2014 Capture The Flag contest at Hack In The Box, Kuala Lumpur -- making them the first and only team from the Philippines to ever compete in an international CTF event. 

As an advocate for continuous learning, Mon got his Masters Degree in Computer Science from UP Diliman and is now taking up his PhD in Computer Science in the same university, researching on hypervisor security and software defined networks. Believing in the importance of knowledge sharing, he teaches Network Security to graduate students in UP. 

Paul Prantilla

Paul Prantilla got his masters in Computer Science from UPLB and currently is working on his PhD on Computer Security in UP Diliman. After a brief stint teaching graduate school, Paul became the first IT Director of UPLB, worked in the United Nations Population fund, and then in Chikka Philippines. While in Chikka, Paul worked with Mon Nunez to launch groundbreaking IT services in Smart - including Smart PowerApp and Internet for All. During this time, they became regular attendees of DEFCON and consistently attained a top 4 finish in multiple DEFCON contests. Currently, Paul works as the Director of Planning and Strategic Roadmapping in Globe's IT Division. 

Paul Sabanal

Paul Sabanal is a Security Researcher on IBM Security's X-Force Advanced Research Team. He has more than a decade of experience in the Information Security industry, mainly focusing on reverse engineering and vulnerability research. He has previously presented at several conferences such as Blackhat and Hack In The Box, primarily on the topics of reverse engineering, sandbox vulnerabilities, and mobile security. His main research interests these days are in protection technologies, mobile malware, and IoT security. When not in front of a computer, he enjoys Disney movie nights with his daughter, playing weird instruments in a band, and pajama wrestling. 

Philippe Z Lin

Philippe Lin is a staff engineer in Trend Micro. He works in data analysis, machine learning, fast prototyping and threat research. He was a BIOS engineer in Open Computing Project. Active in open source communities, he is a hobbyist of Raspberry Pi / Arduino projects and the author of Moedict-Amis, an open source dictionary of an Austronesian language. 

Ray Torres

Ray Torres is an IT Security enthusiast and practitioner. He likes to read daily updates of security-related topics and tries to maintain a white-hat mentality at all times when he sees a new CVE. *wink wink*. He graduated from the University of the Philippines Diliman and has a bachelor’s degree in Computer Science (he doesn’t like to brag but he graduated as Magna Cum Laude from the said university *wink*). Currently he is taking his postgraduate studies in the same university. He also goes to the gym 3 times a week and tries to maintain a healthy lifestyle. On his leisure time, he reads legal-thriller books by John Grisham or looks for open wifi access points (for free internet of course). 

Steve Miller

Steve Miller is an incident response professional and the Security Strategist for FireEye in Asia-Pacific and Japan. Steve has over 10 years of experience in areas such as computer forensics, communications signals analysis and intelligence program management. 

Steve's background includes work for the U.S. Army, the National Security Agency, Cornell University, the U.S. Department of State, and the U.S. Department of Homeland Security. 

As a part of FireEye's 24x7 incident response service, Steve leads security operations in APJ and also contributes to threat research and detection management. In his spare time, he rides a totally rad BMW F800GS motorcycle.

Read More

RC9 Schedule Live

ROOTCON 9 schedule now live

Day 1:

8:00 - 8:45 Registration - Check-in
8:45 - 9:00 Opening Remarks
9:00 - 9:45 How to Shot Web: Better Web Hacking in 2015 (Keynote) by: Jason Haddix
9:45 - 10:30 BackDooring Git by: John Menerick
10:00 Games Opening (Capture The Flag, Badge Hacking, WiFi Warrior)
10:30 - 11:15 How safe is my system from reverse engineering by: Markku Kero
11:15 - 12:00 Unmasking Malware by: Christopher Elisan
12:00 - 13:00 Break
13:00 - 13:45 Fixing CSRF Vulnerabilities Effectively by: Lu Zhao
13:45 - 14:30 Hacking Time by: Carlos Tingson
14:30 - 15:30 What Hacker Sees by: JIM
15:15 - 16:00 Break / SpeedTalk
16:00 - 16:45 Panel Discussion

Read More

Tuesday, July 21, 2015

Pandora Security Labs at RC9

ROOTCON would like to welcome our newest sponsor this ROOTCON 9. 

Pandora Security Labs is formed through the combined expertise of security analysts from leading IT security companies and researchers from the academe world. Our founder firmly believes that the combination of industry experience, education and continuous research is the best formula for providing innovative best quality products and services.

Visit them at
Read More

Monday, July 20, 2015

ROOTCON 9 Sponsors: We Salute You!

ROOTCON would like to highlight and thank the sponsors for this incoming hacker conference and information security gathering:

Netsuite is an American software company based in San Mateo, California, that sells a group of software services used to manage a business's operations and customer relations. Customers access these services over the internet paying a periodic subscription fee. Netsuite | Security provides a host of advanced functionality to secure the application including role-based access, strong encryption, robust password policies and more. NetSuite adds further layers of security such as application-only access and restricting access to only certain IP addresses to provide complete confidence and peace of mind.

Rapid7's IT security solutions deliver visibility and insight that help you make informed decisions, create credible action plans, and monitor progress. They simplify compliance and risk management by uniquely combining contextual threat analysis with fast, comprehensive data collection across your users, assets, services and networks, whether on premise, mobile or cloud-based. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Rapid7 currently maintains the Metasploit Framework and other security tools.

Kaspersky Lab is an international software security group operating in almost 200 countries and territories worldwide. The company is headquartered in Moscow, Russia, with its holding company registered in the United Kingdom. Kaspersky Lab currently employs over 2,850 qualified specialists. It has 31 representative territory offices in 30 countries and its products and technologies provide service for over 300 million users and over 250,000 corporate clients worldwide. The company is specially focused on large enterprises, and small and medium-sized businesses. Kaspersky Lab offers consumer security products, such as anti-virus, anti-malware and firewall applications, in addition to security systems designed for small business, corporations and large enterprises. Corporate solutions include protection for workstations, file servers, mail servers, payment gateways, banking servers, mobile devices, and internet gateways, managed through a centralized Administration Kit. 

Hewlett Packard Fortify on Demand is part of HP Enterprise Security Products in the HP Software business, providing application security products and services for enterprise customers to assess, assure and protect enterprise software and applications from security vulnerabilities. Fortify offerings included Static Application Security Testing and Dynamic Application Security Testing products, as well as products and services to support Software Security Assurance, or repeatable and auditable secure behaviors, over the course of a software application's life cycle. 

Netpoleon Solutions Pte Ltd was established in 2000 in Singapore. It is a leading regional VAD (Value-Added Distributor) in IT Network and Security. The company serves  a wide range of industries and customers across Singapore, Philippines, Malaysia, Thailand, Indonesia and Vietnam, , spearheading emerging technologies and delivering future-proofed solutions built for consolidation, virtualization, big data analytics, security operations centre and cloud computing. 

iSecure Networks, Inc. is a software vendor company whose strength revolves around selling, marketing and implementation of thoroughbred IT products, coupled with the ability to support and adapt to the constant changes and advances brought about by information technology. The company provides a full suite of networking and security products that gives leverage to companies, big or small, to stay afloat in today's competitive business environment. It has forged alliances with the world's most recognized brands such as Astaro Corporation, Kasperlsy Labs., Aep Networks, eEye Technologies Inc., Pheenet Technologies. 

Citibank Philippines is the Philippines chapter of Citibank established in 1902. It started when when the International Banking Corporation opened its first branch in Manila. Currently, it is one of the largest commercial banks in the Philippines. Citibank has been involved with financial mergers and acquisitions. One of the largest investments in the country is the site building in Bonifacio Global City, Taguig City. 

SecurityMatters™ is the first and only security magazine in the Philippines that provides in-depth insights and helpful tips for physical and IT security, fire and life safety, protection professionals and anyone who is interested in understanding how to prevent risky situations, accidents and any form of danger. The magazine covers relevant security issues that impact the practitioners’ professional growth, social networking activities and career development. 

The Philippine Daily Inquirer was a daily newspaper founded on 9 December 1985 by publisher Eugenia Apóstol, columnist Max Solivén, together with Betty Go-Belmonte (wife of House Speaker Feliciano "Sonny" Belmonte) during the last days of the regime of the Philippine dictator, Ferdinand Marcos, becoming one of the first private newspapers to be established under the Marcos regime. It is popularly known as the Inquirer, is the most widely read broadsheet newspaper in the Philippines,with a daily circulation of 260,000 copies. It is one of the Philippines' newspapers of record. It is a member of the Asia News Network.

Want to sponsor ROOTCON? It is never to late to be part of its success. We want you to be in this exciting event.

Why sponsor? Sponsoring ROOTCON event provides you the unique opportunity to connect with the greater Info Sec community, to build brand awareness and show your company’s support of an important cause: Security Awareness.

It is definitely a WIN-WIN situation!!!

Download the sponsorship package  or visit the sponsorship section 

Read More

RC9 Promo Code

We always want everyone to come and join us, ROOTCON is giving away 10% discount from regular rate. Just type-in the promo code "hackallthethings" and get that discount!

What are you waiting for? Register now at

credits to the owner of the photo

Read More

Sunday, July 19, 2015

ROOTCON Price Update

We received a lot of inquiries with regards to our price update this year.

Q: Why is there a price increase?
A: As much as we wanted to stick with the previous RC event prices we cannot, we need to adjust it according to our venue and logistics expenses 

Q: Why is the price increase high?
A: We adjusted the price according to the venue rates and logistic expenses. 

Q: Why not bring back RC event in Cebu for cheaper price?
A: We can do that, but its likely will going to increase as hotels are increasing their prices as well. 

Q: How much is RC9? early registration
A: Our price for RC9 will be P7450.00 

Q: How much is RC9 regular rate
A: Our price for RC9 regular rate is P8550.00 

Q: Is there still a group discount?
A: Yes, group discount is based on the regular rate, group price is P7700.00 

Q: Is there a student rate?
A: Yes, student rate is based on regular rate, student rate is P7500.00 

Q: How about the inclusions?
A: Our inclusions are still the same, official RC9 badge (electronic), lunch buffet, 2 day access to conference, and other swags. 

If you do the math, the expenses are still the same, if the event is in Cebu you will spend air-fare, hotel expenses, etc...etc... 

ROOTCON is dedicated to giving the best conference experience for our con-goers, the price will be worth-it compared to other infosec conferences in the country.

Read More