The Philippines’ first and only industry magazine that deals with safety and security matters pervading the environment today.

ROOTCON 9: The Largest InfoSec Gathering and Hacking Conference in the Philippines

SMMag---Rootcon-Poster-(REVISED) (2)

The group behind ROOTCON started operations on December 27, 2008. It was then registered as DEFCON Group 6332 and carried the name DEFCONPH.

After going through copyright issues, the group was renamed PinoyGreyHat until its founder decided to rebrand to a more neutral and conference-friendly name: ROOTCON.

The name was officially changed on August 9, 2010.

Among the objectives of ROOTCON is to foster camaraderie and sharing of expertise through IT Security conferences and gatherings.

ROOTCON holds an annual hacker conference, along the months of September or October, which is packed with awesome topics, challenges, and parties.

This year, ROOTCON 9 is happening on September 18 and 19 at the Taal Vista Hotel in Tagaytay City, Philippines.

Some of the topics we have for this year are:

  • How to Shot Web: Better Web Hacking in 2015 by Jason Haddix of Bugcrowd

2014 was a year of unprecedented participation in crowdsourced and static bug bounty programs, and 2015 looks like a trendmaker. Join Jason as he explores successful tactics and tools that he and the best bug-hunters use. Practical methodologies, tools, and tips make you better at hacking websites and mobile apps to claim those bounties. Convert edge-case vulnerabilities to practical pwnage even on presumably heavily tested sites. These are tips and tricks that every tester can take home and use.

  • BackDooring Git by John Menerick of Netsuite

Join John Menerick for a fun-filled tour of source control management and services to talk about how to backdoor software. He will focus on one of the most popular, trendy SCM tools and services out there – Git and GitHub. Nothing is sacred. Along the way, he will expose the risks and liabilities when one is exposed to faulty usage and deployments.

  • Open Source Internet Infrastructure Insecurity by John Menerick of Netsuite

This presentation will tread through popular open source projects, common fallacies, peer into 0days, walk trends, and break code. You will be able to use the same techniques and tools to break or protect the Internet’s building blocks.

  • Unmasking Malware by Christopher Elisan of RSA

Join Chris as he presents the different techniques attackers use to protect and mask malware to bypass security products and analysis. Chris will demonstrate how attackers have perfected this methodology giving them the capability to automate malware masking to match the massive malware production done on a regular basis. But there is hope, in this talk, Chris will also present different techniques on how to “unmask” malware to reveal its true nature.

  • Building Automation and Control: Hacking Energy Saving System by Philippe Z Lin of Trend Micro

In this talk, Philippe will demonstrate how to use Shodan to find BACnet devices exposed on the Internet, and to retrieve and analyze information from them. He will also discuss possible security impacts on its massive deployment and take subsidized installation in Taiwanese schools as an example.

  • Incident Response for Targeted attacks by Jose Ramon Palanco of Drainware

During the talk Jose will explain how organized a SOC is (key people, tools, methodology).

  • How safe is my system from reverse engineering by Markku Kero of Eqela and Job and Esther Technologies

In this session we will take a look at several programming languages and operating systems, and get an idea on how easy it is to reverse engineer applications, and how exactly the reverse engineering process would work.

  • Once more unto the data breach by Steve Miller of FireEye in Asia-Pacific and Japan

Sufficiently motivated attackers will improvise, adapt, and overcome all security technology in order to breach their target networks. Join Steve Miller, Security Strategist for FireEye in APJ, as he discusses evolving attacker methods, and examples of data breach in action.

Aside from the topics mentioned above, we have hacker challenges, games, and side events like CTF (Capture the Flag), WiFi Warrior, ROOT me if you can, Hacker Jeopardy, Ninja Party, Crack D Hash, Electronic Badge Challenge, etc.

Plus, a few more tracks. Check out for more information.

What are you waiting for? Visit to register now.

Still unconvinced? Here is our electronic badge last year which contains a challenge that you need to crack!

RootCon Image 5 (2)