• Great to have you here!

DefCamp 2026, the 16th edition of the largest cyber security & hacking conference from CEE is happening between November 19-20. 

First we are a community built in many years and as a community, we encourage knowledge sharing and collaboration.

We encourage all application security practitioners or security researchers to contribute to the DefCamp community by writing articles for the blog and show their work to the world or attending the conference and showcase the research on stage.

First time hearing of DefCamp?

Here are some things to get you hyped:

• 60+ speakers & over 2,000 attendees from 50 countries in 2025
• video overview of the last edition
• the event is being hosted in the second largest buildings in the world, Palace of the Parliament
• the conference is happening since 2011, lots of stories and experience to share 

What are the benefits for speakers?

• access to one of the largest cyber security communities from CEE
• exposure for your security research
• travel expenses covered by us 
• VIP treatment (including free access for one of your friends or family)

Submission Deadline(s)

Our Call for Papers will include three evaluation phases, meaning you have more chances of being selected if you submit sooner rather than later.

• Deadline for wave #1: June 15th, 2026
• Deadline for wave #2: August 30th, 2026
• Deadline for wave #3: October 15th, 2026

Submission Topics

We accept sessions on any of the following topics (the list is not exhaustive):

Cyber-Operations, AI & Emerging Technologies

• AI/ML Security – LLM security, prompt injection, jailbreaks, agentic AI security, adversarial ML
• Offensive and defensive AI – AI-assisted red teaming, AI in SOCs, AI-generated malware
• Deepfakes, synthetic media detection, AI-enabled fraud
• Disinformation, influence operations, election security, hybrid warfare
• Post-Quantum Cryptography (PQC) migration, quantum-safe protocols, "harvest now, decrypt later"
• Applied cryptography, including PQC and confidential computing
• Blockchain, Web3, smart contract security, DeFi exploits, crypto forensics
• 0-day research, vulnerability discovery, and coordinated disclosure
• Next-gen exploits, mitigation bypasses, EDR/XDR evasion, modern OS internals
• Case studies of cybersecurity incidents and breaches

Governance, Compliance, and Business Strategy

• Legal & regulatory landscape – NIS2, DORA, CRA, AI Act, GDPR, eIDAS 2
• Business, Management & Innovation in cybersecurity
• Digital Transformation & Security Awareness
• Cyber insurance, risk quantification, board-level cyber governance
• Sovereign tech, EU cybersecurity strategy and funding instruments

Web, Software, and Infrastructure Security

• Web Application & API Security
• Secure Software Development Lifecycle (SSDLC) & DevSecOps
• Cloud, Container & Kubernetes Security; serverless and multi-cloud
• Critical Infrastructure Security – SCADA/ICS, OT, energy grids, satellite, automotive, GSM/5G, rail
• Mobile Security – Android, iOS, app reverse engineering
• Software supply chain security and dependency-confusion class attacks
• Identity, IAM, and Zero Trust architectures

Hardware, Forensics, and Reverse Engineering

• Hardware hacking, fault injection, side-channel attacks, defeating "secure" hardware
• IoT and embedded device security, firmware reverse engineering and emulation
• Forensics – memory, disk (incl. SSD), network, cloud, and mobile forensics
• Malware analysis and reverse engineering
• Automotive and aerospace reverse engineering

Wireless, Communication, and Physical Security

• Radio security – NFC, WLAN, GPS/GNSS, HAM, Satellite, RFID, Bluetooth, LoRa, Zigbee, 5G
• SDR research and signal exploitation
• Drone hacking & counter-drone – UAV protocols (MAVLink), GPS spoofing, FPV systems
• Robotics security – industrial robots, autonomous systems, ROS exploitation
• Physical security – lock-picking, physical access control bypass, badging

Evaluation Process

All submitted sessions will be filtered and rated by our content committee. Selected speakers will be invited to attend this year’s DefCamp event on November. Travel and accommodations will be covered for all selected speakers not based in Bucharest (Romania).

Evaluation Criteria

• Technical or management expertise 
• Past experience as a speaker
• Presentation skills
• Session content
• Session level
• Tips for a winning submission

Before submitting your session, you might want to consider the target audience you’ll be talking to and some of the other tips we have put together for you. You can submit more than one session.

We are marking all sessions on the agenda according to their technical depth level. We will use something similar to the TechEd conference session levels (ranked 100-400), so you will be asked to evaluate or plan your target session level before submitting it.

Check out an overview of the SESSION LEVELS we use here.

Feel free to check the sessions from past years if you need some inspiration.  

Also, please keep the following recommendations in mind:   

• Write a descriptive, fun, and enticing title – this should “sell” your session to the audience 
• Target 300-400 level technical content; 100 and 200 level content is in low demand – if you say your talk is level 400, then make sure it is, or be prepared for a barrage of feedback in your evaluations!
• Describe content that is new, unique, or significantly refreshed from a previous presentation
• Take a solution-oriented approach
• Ensure there is minimal marketing talk in your content
• Showcase your speaking experience (past events/sessions you’ve had, ideally sessions which were also recorded)
• If targeting levels 100-200, focus on currently released or upcoming technologies
• Look into an advanced/expert approach to existing technologies and solutions (levels 300-400)
• Include one or more live demos for technical sessions; historically, sessions with strong demos receive higher audience scores
• Include personal experience; this goes down well with an audience of your peers, as everyone prefers to learn from someone else’s mistake instead of having to go through it themselves

Please note that sessions focusing on proprietary technologies or solutions and selling/advertising those technologies will be ignored from the start. Also, the DefCamp organizers reserve the right to select specific sessions based on other criteria or preferences as needed.

Accommodation and travel is covered only for speakers for Nov. 18th - Nov. 22th There will be also other benefits such as: VIP & Speakers Lounge, Dinner & Trip.