We welcome submissions on any information security-related topics. This year's submissions are divided into three categories: HITCON presentation sessions, and HITCON Hacking 101 (tutorial sessions), and you can decide which direction your submission is best suited for. However, the review committee may adjust the session type based on the content of your submission. We suggest a presentation session length of 40 minutes, including Q&A, while a tutorial session is 80 minutes, including Q&A.

1. Submission Scope and Topics

• Artificial Intelligence (AI) Hacking: Data Science for Security, Machine Learning (ML) & AI for Security, Hacking ML & AI, ML&AI Reasoning and Interpretation, Adversarial Machine Learning
• Exploit & Vulnerability: Red Team, Exploit Development, Exploiting Memory-safe Language, Fuzzer, Wormable Vulnerability, Web AppSec
• Malware: Malware Analysis, Malware Development, Ransomware, APT/Cybercrime, Reverse Engineering
• Blue Team: Digital Forensics, Incident Response, Security Operation Process and Automation, Detection Engineering, SOAR, Detection as Code
• Cloud Security: IAM in the cloud infra, Penetration & Vulnerability Discovery in Cloud Environment
• Privacy and Data Protection: Encryption, Key Management, Post Quantum Cryptography, Side Channel Attack
• Blockchain Security: Web3, Cryptocurrency, DeFi
• IoT Hacking & Security: IoT security, IoT Protection, IoT Hacking & Exploit, IIoT security, Hardware Reversing Engineering, Radio Hacking, Cyber Physical Security (CPS)
• Communication Hacking: Telecommunications Hacking, Communications Satellite, 5G/6G Security & Radio Hacking
• Talent Education and Security Community: CTF, Cyber Range, Experience of Security Community, Legal and Social Aspect of Information Security
• Enterprise Security: Cyber Security Framework, Cyber Defense Verifications, Breach Attack Simulation, Patch Management, Cloud Security, Infrastructure Governance, PSIRT
• Cyber Security Maturity Measurement: Security Risk Measurement, Defense Performance Analysis, PSIRT Maturity, CSIRT/SOC Maturity
• Supply Chain Security: Supply Chain Risk Management, DevOpsSec, SLSA, SBOM
• Vulnerability Management: Vulnerable Disclosure Procedure, Vulnerability Discovery, Vulnerability Prioritization
• Security Compliance: Automatic and Continuous Compliance

2. Submission Option

HITCON OpenSource: Special Collaboration between COSCUP and HITCON

To encourage hackers to contribute to open-source projects and to promote an open and sharing mindset for cybersecurity, HITCON is launching the HITCON OpenSource initiative in collaboration with COSCUP this year.

COSCUP (Conference for Open Source Coders, Users, and Promoters, https://coscup.org/2025/event/) is an annual conference in Taiwan, jointly organized by open-source communities.  This initiative welcomes submissions related to open-source software security, cybersecurity open-source tools, and digital rights. Submissions can be made to the HITCON OpenSource track. Additionally, speakers who submit to HITCON OpenSource may also have the opportunity to present their work at COSCUP if they are willing.

Future Star

Due to the increasing quality of the papers submitted to the HITCON conference and the growing number of submissions received thus the possible alienation of emerging researchers, this year we have set up the "Future Star" program to encourage students to submit their work and provide them with a platform to present their research.

HITCON will provide a speaker fee of $400 USD(regular session) or $100 USD(Hacking 101)) and an invitation to attend the VIP party and City Tour. During the conference, daily lunch, snacks,and drinks will be provided, as well as exquisite souvenirs. The accommodation during 8/20 to 8/22 will be covered.