0. About HITCON 2025

Hacks in Taiwan Conference (HITCON), a cybersecurity conference annually held in Taiwan, is dedicated to bringing the latest and the most in-depth technologies and practices to the security community.

Over the years, researchers from all over the world participate and network, this is where technical research, bleeding-edge hacking technology, and ideas/experiences on a wide range of corporate security issues flow freely.

1. HITCON 2025 theme

Perimeter Security is Dead, Long Live Resilience

As information and network systems become ubiquitous worldwide, the attack surface is growing increasingly complex, rendering traditional perimeter defense mechanisms ineffective against modern threats. We continue to see an influx of system vulnerabilities and APT attacks, which are nearly impossible to completely eliminate. Meanwhile, the continued proliferation of ransomware groups poses a direct threat to the continuous operations of businesses and organizations, severely impacting critical infrastructure such as healthcare, transportation, energy, and telecommunications. Since it is impossible to achieve 100% protection against all attacks, the key challenge in cybersecurity today is ensuring that systems can adapt to emerging cyber threats, maintain operations and withstand cyber threats, and recover quickly after an incident. This is the core principle of Cyber Resilience.

Since HITCON 2018: "Transforming: Cybersecurity and Resilience", resilience has once again taken center stage. In recent years, events such as the Russia-Ukraine war and the sabotage of undersea cables have underscored the importance of communication security, in addition to traditional cybersecurity. Critical infrastructure, such as undersea cables and low-earth orbit (LEO) satellites, introduces new challenges and discussions in the realm of resilience.

Furthermore, this theme aligns with the Cyber Resilience Act introduced by the European Union. For Taiwan, a major producer of consumer electronics, integrating the Secure-by-Default concept into product development—embedding security into design rather than relying on post-facto mitigation—will be a critical issue worthy of further exploration.

2. The Call for Papers

We welcome submissions on any information security-related topics. This year's submissions are divided into three categories: HITCON presentation sessions, and HITCON Hacking 101 (tutorial sessions), and you can decide which direction your submission is best suited for. However, the review committee may adjust the session type based on the content of your submission. We suggest a presentation session length of 40 minutes, including Q&A, while a tutorial session is 80 minutes, including Q&A.

Additionally, since HITCON receives a large number of high-quality submissions every year, if your submission has too little information, such as a short or vague description, or if you do not include presentation slides or supporting materials, it may be difficult for the review committee to compare your submission with others, which may result in missing out on a great opportunity. Therefore, we suggest that you provide detailed and specific submission information in the submission system to facilitate the review process.

Reviewing Procedure and Logistics

Since this year's HITCON conference is expected to be held in-person, live presentations are the preferred option for both domestic and foreign speakers. If you have any concerns or difficulties, please feel free to let us know.

The review process for this year's conference will begin during the submission period and will be conducted on a first-come, first-served basis. This means that your submission may be accepted before the submission deadline if the majority of the submissions are of high quality. Chance of ending the Call for Papers early if the quality of submissions is extraordinary. We remind those who are interested in submitting session proposals to complete their submissions as soon as possible.

Scope and Topics

• Artificial Intelligence (AI) Hacking: Data Science for Security, Machine Learning (ML) & AI for Security, Hacking ML & AI, ML&AI Reasoning and Interpretation, Adversarial Machine Learning
• Exploit & Vulnerability: Red Team, Exploit Development, Exploiting Memory-safe Language, Fuzzer, Wormable Vulnerability, Web AppSec
• Malware: Malware Analysis, Malware Development, Ransomware, APT/Cybercrime, Reverse Engineering
• Blue Team: Digital Forensics, Incident Response, Security Operation Process and Automation, Detection Engineering, SOAR, Detection as Code
• Cloud Security: IAM in the cloud infra, Penetration & Vulnerability Discovery in Cloud Environment
• Privacy and Data Protection: Encryption, Key Management, Post Quantum Cryptography, Side Channel Attack
• Blockchain Security: Web3, Cryptocurrency, DeFi
• IoT Hacking & Security: IoT security, IoT Protection, IoT Hacking & Exploit, IIoT security, Hardware Reversing Engineering, Radio Hacking, Cyber Physical Security (CPS)
• Communication Hacking: Telecommunications Hacking, Communications Satellite, 5G/6G Security & Radio Hacking
• Talent Education and Security Community: CTF, Cyber Range, Experience of Security Community, Legal and Social Aspect of Information Security
• Enterprise Security: Cyber Security Framework, Cyber Defense Verifications, Breach Attack Simulation, Patch Management, Cloud Security, Infrastructure Governance, PSIRT
• Cyber Security Maturity Measurement: Security Risk Measurement, Defense Performance Analysis, PSIRT Maturity, CSIRT/SOC Maturity
• Supply Chain Security: Supply Chain Risk Management, DevOpsSec, SLSA, SBOM
• Vulnerability Management: Vulnerable Disclosure Procedure, Vulnerability Discovery, Vulnerability Prioritization
• Security Compliance: Automatic and Continuous Compliance

Submission Option

• HITCON OpenSource: Special Collaboration between COSCUP and HITCON
  • To encourage hackers to contribute to open-source projects and to promote an open and sharing mindset for cybersecurity, HITCON is launching the HITCON OpenSource initiative in collaboration with COSCUP this year.
  • COSCUP (Conference for Open Source Coders, Users, and Promoters) is an annual conference in Taiwan, jointly organized by open-source communities. Established in 2006, it has been a key driving force of Taiwan’s Free and Open Source Software Movement (FOSSM). COSCUP 2025 will be held on August 9–10.
  • COSCUP Official Site: https://coscup.org/2025/event/
  • This initiative welcomes submissions related to open-source software security, cybersecurity open-source tools, and digital rights. Submissions can be made to the HITCON OpenSource track. Additionally, speakers who submit to HITCON OpenSource may also have the opportunity to present their work at COSCUP if they are willing.
• Future Star
  • Due to the increasing quality of the papers submitted to the HITCON conference and the growing number of submissions received thus the possible alienation of emerging researchers, this year we have set up the "Future Star" program to encourage students to submit their work and provide them with a platform to present their research.

3. Delivery Preference

• Please create an account and submit the proposal through CFP Website (https://cfp2025.hitcon.org/) before the deadline
• Speakers should come onsite and present the research,
• All correspondence and queries should be sent to [email protected] with the headline "HITCON 2025"
• This year, HITCON will introduce the AI Review Assistant to enhance the efficiency of the review process. The AI Review Assistant will compile the author's past research, provide supplementary materials, and submission’s background. However, the AI Review Assistant will serve solely as a supporting tool and will not be used for filtering or decision-making.
• The submission system now includes an AI Review Assistant option. Authors who agree to use the AI Review Assistant can select this option in the system. Those with privacy concerns regarding their submission may choose not to enable the AI Review Assistant.

4. Important Dates

5. Speaker Benefits

HITCON will provide a speaker fee of $400 USD and an invitation to attend the VIP party and City Tour. During the conference, daily lunch, snacks,and drinks will be provided, as well as exquisite souvenirs. The accommodation during 8/14 to 8/16 will be covered.

For Hacking 101 speakers, HITCON will provide a speaker fee of $100 USD and invited to attend the VIP party and City Tour. During the conference, daily lunch, snacks, and drinks will be provided, as well as exquisite souvenirs. The accommodation during 8/14 to 8/16 will be covered.