RomHack Conference 2025

10:15 – “HTTP/1.1 Must Die! The Desync Endgame” by James “albinowax” Kettle [ 📺 Video | 🖋️ Slides ]

11:05 – “Attacking Assumptions Behind the Image Load Callbacks” by Denis Nagayuk (diversenok) [ 📺 Video | 🖋️ Slides ]

11:55 – “7 Vulns in 7 Days: Breaking Bloatware Faster Than It’s Built” by Leon Jacobs [ 📺 Video | 🖋️ Slides ]

14:45 – “Internal Domain Name Collision 2.0” by Philippe Caturegli [ 📺 Video | 🖋️ Slides ]

15:35 – “Sign Here to Bypass: From macOS Intune PRT Cookie Theft to Entra ID Persistence” by Shang-De “John” Jiang & Kazma Ye [ 📺 Video | 🖋️ Slides ]

16:25 – “The Ultimate Guide for Protecting Hybrid Identities in Entra ID” by Dr Nestori Syynimaa [ 📺 Video | 🖋️ Slides ]

17:15 – “The (Un)Rightful Heir: My dMSA Is Your New Domain Admin” by Yuval Gordon [ 📺 Video | 🖋️ Slides ]

RomHack Training 2025

– Offensive Entra ID (Azure AD) and Hybrid AD security training by Dirk-Jan Mollema

– Burp Suite Pro, 100% hands-on by Nicolas Grégoire

– Advanced .NET Exploitation Training by Sina Kheirkhah

– The Art of Fault Injection: Advanced Techniques & Attacks by Raelize – Cristofaro Mune & Niek Timmers

– Hunting Zero-Days In Embedded Devices by Pedro Ribeiro and Radek Domansky

RomHack Format

RomHack is a format made by the non-profit association Cyber Saiyan and composed by

a Conference that had in 2025:
- more than 900 attendees from 35 countries;
- 170 students;
- 35 kids;
a Training session that had in 2025:
- 72 students from 20 countries;
a Hacker Camp.

The Conference has international speakers and audience and is one of the main cyber security conferences in Italy.

In 2025 we had have a track dedicated to the kids and a Live Hacking Event during the Conference, a Training sessions the days before.

Did you ask about the Camp? The next RomHack Hacker Camp will take place from Friday, September 25 to Sunday, September 27, 2026!