Swapping Conferences
I had to give up on Bsides Canberra due to my recent move, but instead took the opportunity to attend the national Hacks In Taiwan Conference 2025!
My overall experience was nothing short of spectacular. I paid NTD 5,500 (roughly 290 AUD) for a general ticket, which sounds like a lot upfront but I thought it was well worth it in the end.
Even if you’re a first-timer or can’t speak fluent Mandarin I would recommend going at least once
Population & Language
Although Taiwan is a predominantly Mandarin-speaking country, I was quite impressed by the lineup of speakers, which consisted of local Taiwanese hackers, English speakers from Western countries as well as Japanese speakers from neighbouring Japan.
Language was not too big of a hurdle though, as the speakers were encouraged to present in their language of choice, and translations would be supported:
- ENG -> ZH
- ZH -> ENG
- JP -> ZH
The ENG <-> ZH translation was performed via a realtime SaaS entity, which could provide speech-to-text translation in realtime. For the JP -> ZH translation, it was done manually using an official translator on a seperate livestream running in tandem with the talk.
In terms of conference attendees, a good 50% or even more were students - ranging from high-school level all the way to university. There were also various working class adults ranging from those with only a few years experience up to those with 20+ years of experience. In terms of international conference-goers, I bumped into small groups of Caucasians (some worked locally in Taiwan or from Japan), Japanese, folks from Hong Kong and a Singaporean too!
That being said the skill-gap was pretty fucking insane, you had people attending who were just getting started in cyber walking amongst past Pwn2Own winners, but this is probably not unique to HITCON, it just felt more apparent here compared to Australia.
Talks talks talks
Without going into too much details, I learnt a lot and was able to meet and chat with some speakers, which gave me some insight into their thought processes etc.
The past is prologue: Intel needs to evolve to survive - Visi Stark
One API Call to Rule Them All: Precision Attacks from Hardware Reversing to Full System Compromise - NiNi
(see slide)
The Art of PHP — My CTF Journey and Untold Stories! - Orange Tsai
The big highlight for me was being able to chat with and learn more about Pwn2Own from NiNi (DEVCORE) as well as Rick and Carlos (PHP Hooligans)
Lunch and Tea
Surprisingly, lunch, drinks and tea were provided for free! It was very much first come first serve basis, but the organisers made sure there was enough for everyone. For example, I never saw the food run out during teatime, this is a testament to the organisers preparation and also perhaps the conservative nature of the attendees.
Booths & Networking
I spent most of time networking with as many people as I could, my only regret is that I didn’t attend the Hacker dinner events, as those would probably have helped me network even further. It was really good chatting to students as it seems they have strong support networks here to help them succeed in their respective cyber field. Talking to international attendees also helped me find out more about what I needed to do to further my career path (both for myself and for the local market).
The booth layouts made sense, and had a good balance of communities and villages as well as sponsors. Sponsor desks were a great time to learn more about the company and farm some merch
CTFs & Workshops
The conference actually ran a CTF as well as some ongoing workshops such as:
- Car Hacking demo, where I got introduced to RAMN
- Badge Hacking workshop, tinkering with BadUSB etc.
- Hands-on IoT firmware extraction and forensics
- Return Oriented Programming (ROP)
However, with networking being a priority of mine, I gave these a skip, maybe next time! Kudos to the organising team, I could tell a lot of effort went into preparing the villages!
Badge Life
This years badge was really great! From what I heard it is the most sophisticated badge of HITCON so far, it has really cool functions such as:
- Sidescrolling name display
- Mini games such as Tetris, Snake and the Chrome 404 Dinosaur game (with coop and versus)
- Hacker pets (kind of like Pwnagotchi)
More details available here
Location & Bus Life
The conference was located at the Academica Sinica campus:
This year shuttle buses were provided which was nice, ferrying conference-goers from the nearby Nangang Exhibition Center MRT Station during the morning and evening times of the conference.
In true collectivist fashion, the bus does not depart until it is full - ensuring full usage and that most people who queued and waited are able to get to their destination.
Closing Statement
Finally, I got emailed a certificate of attendance which was a nice touch!
I also thought their CVE initiative was pretty good! Trading bugs for tickets I didn’t find this out until writing this blog…