NEWS

HONOR ROLL

Updates ongoing.

Second Place

Slides

Redbud & AOSP Union Team

One Computer — Within Seconds, Half of Global Services Become Unreachable？

A Challenge that Exploits Unknown Vulnerabilities in Fundamental Protocols to Cause Network Pollution and Denial-of-Service

Redbud Team

Redbud, is composed of information security enthusiasts from the Student Cybersecurity Technology Association of Tsinghua University. Their motto and belief are "Ultimate Technology, Extreme Pursuit, and Geek Spirit." The team has achieved the following honors: Champion of the WCTF Rookie Contest in 2020; First Prize in the XCTF Finals in 2021; Second Place in the Peak Geek competition in 2022; Runner-up in GEEKCON DAF in 2023; Champion in GEEKCON DAF in 2024.

AOSP Team

The AOSP team is part of the research group led by Associate Professor Xiang Li at Nankai University. Their research encompasses core cybersecurity fields, including network security, protocol security, vulnerability discovery, and large-model security. The team was Runner-up in GEEKCON DAF 2023.

Third Place

Slides

Yunfan Zhan

Protector vs. Predator: Have Crypto Wallets Become Gateways for Looting?

A Challenge that Exploits Unknown Vulnerabilities to Compromise Multiple Cryptocurrency Hardware Wallets and Execute 'Malicious' Transfers

Yunfan Zhan

He is a security researcher at DARKNAVY, conducting security vulnerability and offensive-defensive research in both Web2 and Web3 domains. He is the former captain of the 0ops team, which he led to win multiple international championships.

Third Place

Xianrui Dong

Your Glasses, My Eyes

A Challenge that Exploits Unknown Vulnerabilities to Silently Conduct 'Covert Photography' Using Cameras on Popular Smart Glasses

Xianrui Dong

Security researcher.

Honorable Mention

Slides

Wuying Security Lab

Smart — But Not Much

A Challenge that Exploits Unknown Vulnerabilities to Remotely Track, Locate, and "Steal" a Specific Smart Motorcycle

Wuying Security Lab

Wuying Security Lab is dedicated to research on vulnerability discovery and offensive-defensive techniques in IoT security, connected vehicle security, and industrial control system security. The team members have participated in competitions such as GeekPwn, GEEKCON, Tianfu Cup, and Butian Cup, and have won multiple awards.

Excellent speech

Slides

Google Android Red Team (US)

Fighting cavities: Securing Android Bluetooth by Red teaming

How I Exploited a Bluetooth Protocol-Parsing Vulnerability to Achieve Remote Code Execution on Android Devices

Google Android Red Team (US)

The Android Red Team enhances the security of the Android ecosystem by proactively identifying and exploiting vulnerabilities in key components and features. We emulate real-world adversaries to uncover critical weaknesses before they can be exploited.

Excellent speech

Slides

Postive Technologies (RU)

Buried in the Log. Exploiting a 20 years old NTFS Vulnerability

How I Discovered and Exploited a 20-Year-Old Vulnerability to Compromise the Windows Kernel

Postive Technologies (RU)

Positive Technologies Expert Security Center (PT ESC) doesn't just react to threats – we anticipate them. From uncovering previously unknown APT groups and discovering critical 0day vulnerabilities to securing global events like the Olympics and safeguarding elections, PT ESC operates on the cutting edge of cyber defense. Driven by a philosophy of “One step ahead of the attacker, predict and prevail,” our teams – encompassing Incident Response, Threat Intelligence, Vulnerability Research and more – generate over 1,000 detection rules and modules annually, proactively fortifying defenses and relentlessly pursuing a more secure digital world.

Excellent speech

Slides

Fengyu Liu (LFY) - Fudan University

Make Agent Defeat Agent: Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents

How I Used Directed Fuzzing to Generate Malicious Prompts and Compromise LLM-Based Agents

Fengyu Liu (LFY) - Fudan University

Fengyu Liu (LFY) is a Ph.D. candidate at Fudan University and the current captain of the Whitzard Team, supervised by Professors Yuan Zhang and Min Yang. His primary research interests include privilege escalation vulnerability mitigation and agent security. He has published eight papers at top-tier security conferences such as ACM CCS, IEEE Symposium on Security and Privacy (S&P), and USENIX Security Symposium, including four as the first author. He received the Distinguished Paper Award at IEEE S&P 2025 and was invited to present at Black Hat USA. His research outcomes have been adopted by leading companies such as Alibaba and Huawei, leading to the discovery of hundreds of high-risk 0-day vulnerabilities and acknowledgments from companies including Apple, Microsoft, and Intel. In cybersecurity competitions, he has won more than ten national-level cybersecurity exercise and CTF championships.

Excellent speech

Nan Wang (sakura), Ziling Chen (R1nd0)

Null to RCE: Breaking V8 through WebAssembly GC Type Exploits

How I Exploited a Vulnerability in the WebAssembly GC Feature to Achieve Arbitrary Code Execution in the V8 Engine

Nan Wang (sakura)

He is a security researcher. He ranked in the Top 3 of the Chrome VRP from 2022 to 2024, placed 2nd in the Facebook Whitehat program in 2023, and ranked 9th in the Microsoft Security Response Center (MSRC) Most Valuable Researchers (MVRs) in 2025. He has delivered multiple talks at international conferences such as Black Hat Asia, Black Hat USA, and Zer0Con, focusing on browser security and exploitation research.

Ziling Chen (R1nd0)

He is a browser security researcher. He has discovered dozens of vulnerabilities in Chrome, Safari, and Edge, including multiple remote code execution (RCE) flaws. He was a speaker at Black Hat Asia 2023, where he presented his research on browser security.

Excellent speech

Slides

Yufan Liu (X1r0z)

Hacking GraalVM Espresso Abusing Continuation API to Make ROP-like Attack

How I Analyzed and Exploited New JDK Features to Achieve Arbitrary Command Execution

Yufan Liu (X1r0z)

He is a senior undergraduate student at Nanjing University of Posts and Telecommunications. He is a member of X1cT34m and Nu1L Team, focusing on web security research.

Excellent speech

Xuangan Xiao, Zikai Xu

The Biometric AuthToken Heist: Cracking PINs and Bypassing CE via a Long-Ignored Attack Surface

How I Discovered and Exploited a Low-Level System Vulnerability to Recover Mobile Device Lock-Screen Passwords

Xuangan Xiao

He is a security researcher at DARKNAVY, focusing on vulnerability and defense research in mobile and system security. As a former member of the 0ops team, he contributed to the joint team’s victories in the DEFCON CTF International Championships in 2021 and 2022. In the academic field, he has published multiple papers at international conferences such as IEEE S&P.

Zikai Xu

He is a security researcher at DARKNAVY, focusing on vulnerability and defense research in mobile and IoT security. As a member of the AAA team, the joint team won the DEFCON CTF International Championship in 2021 and 2022.

Special Challenge Award

Slides

Shipei Qu, Zikai Xu

Mechanical Awakening or Out of Control? Just One Line of Code

A Challenge that Exploits Multiple Unknown Vulnerabilities to Remotely Hijack and Compromise Embodied Robotic Systems

Shipei Qu

He is a security researcher at DARKNAVY and a former member of the 0ops team. He received his Ph.D. from Shanghai Jiao Tong University. His research interests include hardware and low-level software security, binary program analysis, as well as side-channel and fault injection analysis. He has published multiple first-author papers at top international hardware security conferences such as CHES and DAC.

Zikai Xu

Special Challenge Award

Slides

Gewu Lab

Is Your Drone Still Listening to You?

A Challenge that Exploits Unknown Vulnerabilities to Remotely Hijack Drones or Cause Them to Crash

Gewu Lab

Gewu Lab focuses on security research in cyber-physical integrated business scenarios. Guided by the spirit of “investigating things to attain knowledge,” the lab is dedicated to vulnerability discovery and security analysis centered on intelligent devices, providing business scenario–based security solutions. Gewu Lab actively collaborates with partners to build a secure ecosystem for the Internet of Everything, safeguarding the digital transformation of enterprises and society.

Defender Award

Discloser: Confidential

No Installation, No Escape from Scams

The Gray Empire of the 'Quick App' Ecosystem

Defender Award

Discloser: Confidential

Hidden Corners

Traps on the Home Screens of Tens of Millions of Mobile Users

NEW FOCUS

Value through Confrontation

DAF Contest

KEEP ON PWNING EVERYTHING!

Limited time, unlimited targets and methods.

30+5 In-depth Sharing

VISUALIZED INSIGHTS.

Talk is Cheap, Show Me Your Demo.

Web3 and Hackers

(2025 Dubai Exclusive)

LIVE WEB3 THREAT DEMONSTRATION

Where Billion-Dollar Heists Get Replicated.

Drones & Robotics Security Contest

(2025 Shanghai Exclusive)

REWRITE THE RULES BEFORE SYSTEMS COLLAPSE

Unleash the Cyber-beast Within.

Special Disclosure

(2025 Shanghai Exclusive)

WHITE-HAT HACKERS CODE JUSTICE INTO REALITY

What tech giant are turning exploits into weapons?

COMMITTEE

Either the No. 1, or the Only 1.

RESTRICTIONS & NOTIFICATIONS

Professionalism is to try our best.

1 GEEKCON organizing committee (hereinafter referred to as "the committee") recognizes the technical capability of the winner individually, but doesn't acknowledge that it represents the capability of the winner's working organization.

2 The committee recognize and promote the comprehensive assessment of vulnerability exploitation capabilities and mitigation mechanisms from a confrontational perspective, and do not endorse the judgement of security levels of the target products involved in the event based on a single dimension or non-quantitative dimension.

3 The committee firmly follows the Responsible Disclosure principle. The committee and contestant commit not to disclose any details to third-party before manufactures fix the issues.

4 The committee advocates and encourages in-depth knowledge sharing and communication, but firmly opposes any speech and behavior that violates laws and regulations or infringes on the rights of others.

5 The committee guarantees that the participants' personal information will not be disclosed to third-party or used for commercial activities without their agreement and authentication.

6 The committee will provide awards and honors based on the research efforts, technical breakthrough, and technical innovation of the projects. As the top 1 security geek IP operator in China, the committee always advocate a reward mechanism that emphasizes both honor and moderate bounty, encouraging more geeks to participate in technical innovation and knowledge sharing.

THANKS TO THE SECURITY COMMUNITY

Geeks, solo but not alone.

SPONSORSHIP PARTNERS

TECHNOLOGY PARTNERS

COMMUNITY & MEDIA PARTNERS

ORGANIZER

CREATOR

PAST PARTNERS

About DARKNAVY

DARKNAVY, an independent and free-spirited security research organization and service provider. We have invented and established AVSS (Adversarial Vulnerability Scoring System) to evaluate and quantify vulnerabilities and the effectiveness of system mitigation mechanisms in real adversarial environments. We have also initiated and organized GEEKCON, a unique and top-class security geek event, to empower the development of the global security community.

Our goal is to create a more secure digital world by eliminating vulnerabilities in IT products/services. By sharing our knowledge through consulting and R&D experiences, we aim to enable organizations to better prepare and protect themselves against the ever-evolving threat of cyber attacks.

About GEEKCON

GEEKCON is the new version of the top security competition, GeekPwn. Initiated by DARKNAVY, GEEKCON aims to become a globally unparalleled technical event for security geeks, pioneering and promoting the visualization and measurable values of security ecosystem capabilities.

Contact

Registration Desk:

cfp@geekcon.top

Business&Media Cooperations:

biz@geekcon.top

Official Partnership