ROOTCON 19: Hacking, Learning, and Networking Across Borders

ROOTCON 19: Hacking, Learning, and Networking Across Borders

By Dr. Semi Yulianto

Swiss German University Master of IT program Lecturer
_________________________________________________________________________

Late September 2025 marked a special milestone for our team (a group of 5 persons) from Indonesia: we travelled to the Philippines to attend ROOTCON 19, the country’s premier hacking and information security conference. Our goals were simple yet ambitious—learn about new offensive techniques, emerging threats, and cutting-edge tools, and connect with peers across the region. ROOTCON 19 delivered on all counts.

ROOTCON at a Glance

Founded in 2008, ROOTCON has evolved from a local meet-up into a regional hub for hackers and security researchers across Asia and beyond [1]. Its name merges “root,” the Unix/Linux superuser, and “con,” short for conference, reflecting its hacker culture origins. Over the years, ROOTCON has become known for its strong technical content, vibrant villages, and hands-on learning opportunities [2].

This year’s edition carried the theme “Augmented Threats,” highlighting how artificial intelligence (AI), automation, and adversarial machine learning (ML) are transforming the cyber-threat landscape [3]. The event ran 24–26 September 2025 at the Royce Hotel in Clark Freeport Zone, Pampanga, featuring keynotes, workshops, villages, Capture-the-Flag (CTF) contests, and exclusive Day 0 sessions.

On the Ground with Team Indonesia

We landed at Manila’s NAIA Terminal 1 on 22 September and made the smooth journey to Clark. The Royce Hotel venue impressed us with its spacious halls, reliable Wi-Fi, ample power outlets, and thoughtful layout—critical for a tech-heavy event hosting hundreds of participants.

Our team divided passes strategically: three members chose the Human+ track (which grants Day 0 access), while two took the Human pass for general admission. Day 0 offered exclusive workshops; our Human+ subgroup joined the Red Teaming training, a challenging and highly interactive session that sharpened our offensive security skills [4]. Meanwhile, the rest of the team used Day 0 to network and explore villages before the official opening.

Highlights and Takeaways

Keynote talks on AI-driven attacks, ICS/OT exploitation, reverse engineering, and advanced threat intelligence drew large crowds, occasionally making it hard to follow every detail. We often gravitated toward the villages—hardware hacking, red teaming, and lockpicking—where smaller groups enabled deeper discussion and hands-on exploration. Sessions on the fusion of AI with red teaming tactics were especially eye-opening, aligning with broader industry concerns that adversarial ML is accelerating the sophistication of cyberattacks [5].

ROOTCON is proudly community-driven, and that spirit was palpable. Whether during coffee breaks or hallway chats, we connected with participants from the Philippines, Southeast Asia, and beyond. Conversations ranged from open-source tooling to joint CTF initiatives and potential collaborative research projects—reminding us that cybersecurity progress thrives on cross-border partnerships [6].

Lessons Learned

As with any large conference, we encountered a few hiccups: crowded hallways, occasional Wi-Fi dips, and overlapping sessions. Yet these were minor compared with the overall value. ROOTCON 19 left us with clear takeaways:

  • Augmented threats are here—AI and automation are reshaping the attack surface.
  • Hands-on learning matters more than theory.
  • Community connections are invaluable, especially across national borders.
  • Regional context drives priorities—threat landscapes in Southeast Asia have unique dynamics [7].
  • Collaboration must continue post-conference to turn insights into action.

Closing Thoughts

ROOTCON 19 proved to be far more than a hacking conference. It was a convergence of knowledge, culture, and collaboration. For our Indonesian team, the journey was unquestionably worthwhile, and we return home inspired to share these insights and strengthen regional cybersecurity ties.

______________________________________________________________________________
References

[1] ROOTCON, “About ROOTCON,” [Online]. Available: https://www.rootcon.org/.
[2] K. D. Mitnick and W. L. Simon, The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers, Wiley, 2005.
[3] A. Shulman et al., “The security impact of artificial intelligence and machine learning,” IEEE Security & Privacy, vol. 19, no. 5, pp. 14–23, 2021.
[4] C. Allen, “Red teaming for cybersecurity: practical approaches,” ACM Crossroads, vol. 29, no. 3, pp. 22–28, 2023.
[5] B. Biggio and F. Roli, “Wild patterns: Ten years after the rise of adversarial machine learning,” Pattern Recognition, vol. 84, pp. 317–331, 2018.
[6] D. Moore et al., “Global cybersecurity collaboration: Lessons from international partnerships,” IEEE Internet Computing, vol. 27, no. 2, pp. 35–43, 2023.
[7] ASEAN Cybersecurity Cooperation, “State of cybersecurity in Southeast Asia 2024,” [Online]. Available: https://asean.org/cybersecurity-report-2024.

By SGU Public Relation | September 30, 2025 | Berita |

Previous

Cybersecurity in Capital Markets: A Wake-Up Call for Indonesia Protecting Investor Funds in the Age of Digital Threats
Next

WPA3 is Broken: Why Your "Next-Gen" Wi-Fi is Still Not Safe