Conference talk recordings from DEF CON Singapore are now online!

📅 Full conference program

🖥 Key talk recordings

We've selected a few talks worth checking out:

🛑Exploiting the Unexpected: A Pwn2Own-Level Break of a Printer. The authors present an attack scenario against Canon printers that earned them a win at Pwn2Own Ireland 2025. 🛑Confused Recovery: A New Attack Class on Windows Recovery. This talk introduces a new attack class against WinRE that can bypass BitLocker and extract encryption keys. 🛑Finding a Generic Mali GPU Read/Write Primitive for Real-World Exploit Development. The authors present Mali-RWP, a tool for exploit development on modern CSF-based Mali GPUs, addressing the lack of suitable tools for newer architecture versions. 🛑Turning Spam Filters Into Your Greatest Enemy: Intrusions Via RCEs in E-Mail Spam Filters. The talk covers real-world APT intrusions exploiting vulnerabilities in spam filters across various email server vendors and the sophisticated malware used in these attacks. 🛑Impersonate Me: Misconfigurations in Entra ID and Identity Libraries Leading to Privilege Escalation. This talk discusses two critical vulnerability classes in Entra ID applications that enable privilege escalation. 🛑PackageGate: Finding 0-days in every JS Package Manager. The authors detail seven 0-day vulnerabilities in npm, yarn, pnpm, Bun, and vlt that bypass --ignore-scripts and lockfile integrity checks. 🛑Smuggling Identities: Abusing MIME Header Parsing Across Major Email Providers. The research reveals a new class of email spoofing attacks that exploit inconsistencies in MIME header parsing across major email providers.