RootedCON 2025: The Premier Cybersecurity Event in Spain

-“Is this where you want me to drop you off?” the taxi driver asked.

-“But there’s no one here,” I replied. “This is a huge conference; we should see people around.” The driver moved a little further, but the surroundings remained deserted.

-“Look, there are some people over there,” he pointed out.

-“So few people, just about ten at the entrance,” I thought. I got out of the taxi and started climbing the stairs. Each step has a banner that reads “RootedCON,” guiding me to the top, almost, because some signs had already been taken. I thought it was a brilliant idea; I wanted one of those cool posters too. I tried peeling one off… impossible. The wind, the rain, the cold—Madrid’s winter made my fingers feel like they were about to break. I continued forward, reached the glass doors, and then walked in. I found it:

The central area was occupied by sponsors, including Tarlogic, Telefónica, Capgemini, CrowdStrike, DXC Technology, NTTData, SIA, Palo Alto, Fortinet, Kaspersky, Tecalis, Accenture, Advens, S21Sec, and Vapasec, handing out giveaways if you won one of their games. The dimly lit space, illuminated by blue neon lights, set the atmosphere. Large red numbers identified the eight conference tracks, seamlessly blending into the decor, as if they had been designed just for the event.

At the massive auditorium doors, a volunteer checked access wristbands. Upon entering, the enormous screen welcomed attendees with the lone figure of the speaker against a dark gray and blue background, featuring a minimalist design that emphasized only the text and content—a striking sight, considering we were in a movie theater. I walked up slowly and sat in a VIP seat; the auditorium was nearly full. It felt like a scene from a movie—an underground world dissecting the latest tech trends. In summary, an impressive production, from the venue selection to the details like signage, logos, the welcome pack, and the overall ambiance.

This year marked RootedCON’s 15th edition. Back in 2009, a group of friends gathered to create a cybersecurity event. Their goal? To share knowledge and bring visibility to a field that had been largely closed off and even viewed negatively. Valuable professional insights in this field come from both sides of the spectrum. That’s why, under the premise of neutrality, as Alberto Rodríguez, one of the organizers, explained to me, “everyone, both the good and the bad actors, would have a place here as long as they remained respectful.” The initiative goes even further, focusing on in-depth analysis and exposing technologies that may pose risks to the public, particularly in Spain. And ultimately, taking action, because it also serves as a platform to advocate for aligned causes, as Román Ramírez stated*.

RootedCON continuously collaborates with humanitarian projects such as the Fundación Good Job and the Data Recovery Assistance Project for Companies Affected by Dana in Valencia. Their cybersecurity initiatives include educational content on sexting, cryptocurrencies, and more. They also champion a project to protect online anonymity and fight for internet neutrality and an open web.

RootedCON is a nonprofit organization, and its organizers are volunteers who dedicate countless hours and passion to bringing this event to life. In fact, as soon as one edition ends, they immediately meet to analyze mistakes and start planning the next one. Let’s take a look at the team behind it:

Arantxa Sanz: She is currently the president of RootedCON. For the past six years, she has dedicated herself full-time to RootedCON, managing everything from logistics to marketing, sponsorships, and other aspects. She was previously a SAP consultant.

Alberto Rodríguez: He is an IT Service Management Consultant Manager ISO20000, ISO 27001 LA, ITIL Expert, FitSM Advanced Certified, OpenPM² (PjM) Certified, ISO21502 Leader, OpenPM² (PgM) Certified, CAPC CertiProf, SMP.  He is the organizer of RootedCON in Madrid and Valencia.

Lucas Varela: On a day-to-day basis, he is the co-founder of Onum & CTO. Onum is a startup that enables companies to derive value from data in transit, helping IT and Security teams move at the speed of business. With real-time data processing, Onum reduces inefficiencies, optimizes workflows, and minimizes the impact on analytics platforms, enabling actionable responses in milliseconds, not minutes.

Omar Benbouazza: In his day-to-day life, he is a hacker and technology enthusiast. He is also responsible for Threat and Vulnerability Management at IKEA. He is Dircom at RootedCON, where he designs and executes communication strategies to enhance the brand’s online presence. He manages the social media team and implements SEO tactics to increase RootedCON’s visibility globally.

Román Ramírez: In his day-to-day work, he is an expert in solving complex problems, whether they are human or technological. He defines his personality as follows:

MBTI-> ENTP (Extraversion iNtuition Brain Perceptual)

DISC-> D100 I90 I90 S20 C10

BIG5-> O100 C70 E100 A60 N6

Sergio Muñoz: On a day-to-day basis, he is DevOps Lead – Principal Engineer at Marvell Semiconductor. He is also a video engineer and a proven track record in the semiconductor industry. Skilled in C, Python, Linux Kernel, software development, and security. Professional with a strong background in art and design, with a degree in Computer Science from the University of Extremadura.

Cristian Cantos: In his day-to-day work, he is a security analyst at Layakk. He studied Telecommunications Engineering at the Polytechnic University of Valencia. He is passionate about computers and everything related to them (internet, electronics, protocols, society…), especially information security.

Irene Crespo: In her day-to-day work, she is an Airborne Connectivity Systems Engineer at Airbus Defence and Space.

Joaquín Alonso: In his day-to-day work, he is an SSDLC security engineer at ING Spain & Portugal.

Jorge Martínez: Daily, he is a systems certification auditor at Applus+ Laboratories. He is also a Software Engineer specialized in Cybersecurity, a university professor, and an artist.

Miguel da Cruz: On a day-to-day basis, he is the managing director at Socnology, LLC. At RootedCON, he leads the event in Portugal.

These highly skilled professionals cover various fields, including cybersecurity, risk management, software development, communications, and technological innovation. Their expertise spans consultancy, threat management, systems engineering, and entrepreneurship, bringing a comprehensive vision to the event.

The first edition was held in 2010 at the Mapfre Convention Center Auditorium in Madrid, with around 300 attendees and another 900 on the waiting list. Since then, RootedCON has become an annual event in Madrid, later expanding to Valencia since 2014, Málaga (2021, 2024), Portugal (2024), and Panama (2024).

My first RootedCON experience was at the 2024 Valencia edition, celebrating its 10th anniversary. Held at the Santiago Grisolía Auditorium in the Principe Felipe Science Museum, part of the iconic architectural complex of the City of Arts and Sciences, designed by Santiago Calatrava. It had a distinctly local feel, featuring a single track of spectacular talks and excellent catering. Compared to Madrid, it was a smaller event, a testing ground for new ideas before introducing them at the main conference.

First Part of RootedCON 2025 Madrid: Training Sessions

The event kicked off with training sessions on March 3-5 at the Eurostars I-Hotel in Pozuelo de Alarcón. The content is organized in two formats: the three-day RootedLabs advanced training sessions and the one-day Bootcamps. Let’s see more details:

• OSINT Essentials with Jezer Ferreira & Jaime Esquivias:
  About Open Source Intelligence and how to apply it to investigations of people, companies, and products.
• Red Team Operations 2025 with Eduardo Arriols:
  Development of intrusion exercises and real attack simulations, understanding the process, phases, and actions, as well as the techniques, tools, and guidelines to succeed in any exercise regardless of the target organization.
• Hardware Hacking Bootcamp 2025 with David Meléndez & Gabs García:
  Deepening in hardware with Linux, IoT, and embedded systems, teaching you how to create innovative devices, such as WiFi Pineapple, and master practical skills such as soldering and device development.
• Active Directory Attacks with Alejandro Amorin & Axel Losantos:
  Identifying insecure configurations, exploiting known vulnerabilities, performing lateral moves, and applying advanced techniques to compromise and maintain AD persistence.
• Incident response in Windows and O365 with Antonio Sanz:
  Procedures, strategies, and tools to respond to a security incident in a solvent way. With a practical approach, the phases of incident response were discussed, indicating in each case the best tools available and the best way to get the most out of them, as well as the quick wins that allow finding the malicious activity as soon as possible.
• Cloud Pentesting (AWS, GCP, Azure) 2025 with Carlos Polop & Ignacio Domínguez & Jaime Polop:
  From scratch with the basic principles of the biggest clouds: AWS, GCP & Azure, how to use and abuse the main services of each one.
• Privilege Escalation in Linux Lab with Manuel González Regal:
  The concepts of privilege escalation and persistence were explained, detailing how to perform an enumeration of vulnerable systems to identify potential escalation paths.

Second Part of RootedCON 2025 Madrid: The Conference.

Next, the conference began with 215 speakers and 221 sessions, including both presentations and roundtable discussions. For the selection of talks in RootedCON’s tracks, a “Call for Papers” (CFP) is opened on the website. The agenda is designed with few breaks, and there is no catering; everything is focused on consuming the information.

The presentations align with the mission of RootedCON, combining rigorous analysis of emerging technologies with a critical view of their impact on security and society. It’s important to note that honest debate on hot and highly relevant topics is promoted. Some of the most popular talks included:

“Tebas won’t let you watch football”—a roundtable featuring Román Ramírez, Omar Benbouazza, Ofelia Tejerina, Tomas Ledo Guerrero, and Javier Maestre, the latter being a lawyer specializing in technology at RootedCON.

RootedCON is actively participating in the LaLiga case (the National Professional Football League), chaired by Javier Tebas. They managed, through a court ruling, to block the IPs of alleged websites pirating their broadcast signal on a massive scale. As a result, the service of hundreds of unrelated websites, which use a shared IP provided by Cloudflare, was also interrupted. According to LaLiga, 40% of the “pirate” IPs are managed by this company*. It’s expected that the disruptions will continue until May 28, when the football season ends. Some of the websites affected by collateral damage include the Real Academia Española (Royal Spanish Academy), Japonismo, Docker, GitHub, and pages of groups at risk of exclusion, who have interpreted this as censorship, among many others. Cloudflare filed a legal complaint against the ruling that supports these blocks.

Beyond the financial losses and other issues caused to all those affected, we also discuss net neutrality, the open internet, and its future with rulings of this nature. RootedCON filed a legal appeal on February 28, formally requesting the annulment of the judicial actions backing the blocks.

The roundtable discussion focused on explaining the situation and how legislation was passed without guaranteeing the rights of all citizens. They also discussed RootedCON’s commitment to such causes, with Román Ramírez stating, “If we have to shut down the project (referring to RootedCON) to defend these rights, we will do it.” Unfortunately, on March 31, 2025, the judge dismissed Cloudflare and RootedCON’s request. As they mentioned in the roundtable, they remain committed to the process.

I would like to highlight the presence of Ofelia Tejerina, author of the book “State Security and Privacy”, Coordinator of the book “Legal Aspects of Cybersecurity”, Doctor in Constitutional Law (UCM), President of the Association of Internet Users, and Trustee of the Fundación España Digital. She also holds several recognitions such as “Hacker Trajectory and Commitment” – RootedCON 2025, “Best Digital Lawyer” – ENATIC 2021, “Best Practices” (team) – AEPD 2019, and “LegalTech” – CONFILEGAL 2018. These are just a few of her merits, but if you want to know more, you can visit her profile at Ofelia Tejerina Profile.

Another well-attended talk was “Security Issues in Robotics” with Claudia Álvarez Aparicio and Adrián Campazas Vega from the University of León. This incredible talk started with how robots have already become part of our lives, coexisting with us in homes, stores, industries, etc. In this session, they focused on the security issues of a quadruped military robot, specifically the Vision 60 model from Ghost Robotics, as well as the potential implications of its deployment in various fields. During part of the day, we could see the robot in the halls of RootedCON.

“Supply Chain Attack on Hezboll@h: The Explosive Seekers” with Andrés Soriano and Javier Rodríguez was also a hit. The speakers analyzed the tactics used to infiltrate and sabotage Hezbollah’s communication network in Lebanon. They detailed how components in the supply chain were tampered with to integrate explosives into communication device batteries, as well as the hardware hacking and firmware modification techniques used to remotely and synchronously activate the explosive charges.

“Dark Territory II: Paralyzing the High-Speed Rail Network” with David Meléndez Cano and Gabs García. This is the second part of a study the authors have been conducting on how to exploit the ASFA system of a railway network by abusing its beacons. Last year, they showed the results of their research and made it available to Renfe to improve security measures. This year, they presented the final phase of the project, demonstrating how to create fake beacons and test them with devices presented last year. Additionally, they discussed the possibility of repeating the process for the European ETCS/ERMTS system, which serves as an interoperable standard for all of Europe, currently implemented mainly in high-speed lines and a few conventional-speed ones. With these two approaches, they covered almost all of the current use cases used in the European network.

And finally, “Laife get’s better” with Chema Alonso, who has been a speaker in all RootedCON editions. He shared how he fell in love with technology thanks to the science fiction movie Tron, where a computer and video game programmer is transported into the world of a computer’s software. He also mentioned other films such as Blade Runner and Interstellar, transitioning from science fiction to the current world where Artificial Intelligence is a reality. He then showed an experiment to answer the following question: “How do we detect that robots and AI are conspiring against humans?” To do so, he played with the classic Prisoner-Robot problem, raising a cryptography and steganography problem about how to tell if two robots in front of us are being controlled. For more information, visit: Chema Alonso “Laife get’s better”.

All the talks maintained a high level of technical and professional rigor. In the end, it is impossible to attend all sessions, so we must choose based on the topics most aligned with our professional goals. Sometimes it’s quite a challenge, but it’s also beneficial to have so much information at your disposal.

Exclusive Tracks:

This year, in addition to the conferences organized by RootedCON, new thematic tracks curated and managed by independent organizers were introduced. In total, there were eight simultaneous tracks each day. Let’s take a look at what they were:

OSINTOTRACK: Led by Jezer Ferreiro, Roberto González, and the Osintomático team. One of the most popular tracks with long lines to enter the room. Topics included investigations, the Deep Web, missing persons search with OSINT, Charisma, CTF, and more. Sponsored by Grant Thornton. @OSINTomatic OSINTomatic 2025

Divulgando HOY: Organized by: Antonio Fernandes. In this track, we saw some of the most influential content creators in cybersecurity. Among them were Antonio Fernandes, Martín Vigo, Yolanda Corral, Kike Gandia, Rafael López, Jordi Murgó, Oscar Calvo, Daniel Fernández, Vins Vilaplana, José Javier Pastor, Miguel Ángel Diaz, Albert Corzo, Marta López Pardal, María Aperador, Andres David Naranjo, Daniel Puente Pérez, Enrique Cervantes Mora, Ruben Fernandez Nieto, and David González González.

AI: The technology that currently occupies most of our interest. Artificial intelligence is redefining hacking. This track explored the fine line between offensive and defensive use in artificial intelligence.

Criptored: Conferences from one of the largest cybersecurity communities in Spain. Organized by @Criptored, which was created to establish a common virtual environment for collaboration and the exchange of freely distributed information.

ISACA Madrid Chapter: Organized by ISACA Madrid Chapter. A track dedicated to topics around the development of ISACA certifications and certificates.
ISACA Madrid Chapter @ISACANews

ProtAAPP: Organized by PROTAAPP, which focuses on protecting public administrations. They represent the cybersecurity community of public employees. You can find them here: PROTAAPP, X: @protaapp

Securiters: Organized by @securiters. A project for cybersecurity awareness, and their track covered various cybersecurity topics.

DFIR: Organized by INCIDE – DIGITAL DATA SL. @1NC1D3. A track dedicated to Incident Response and Forensic Analysis. Topics covered included:

• Cyberinsurance and its impact on incident management.
• Traffers and cybercrime: how they operate and how to combat them.
• Forensic curiosities and practical cases in forensic analysis.
• European collaborative projects with law enforcement.
• Practical workshops on incident response with CrowdStrike.
• Our talk on Data Leak Sites.

Protocolo 2/86: Organized by: FFCCS. Forces and Law Enforcement Agencies of Spain. An amazing track dedicated to cybercrime investigations from every angle:

• Challenges and issues in digital investigations,
• Judicial procedures and legal processes,
• Collaboration with the private sector for better crime handling.

ANON: Organized by CriptoRed CriptoRed @criptored. One of the largest cybersecurity communities in Spain. A neutral forum where experts and professionals explored the challenges and balances necessary in any democratic society.

CYBERRESILIENCE: Organized by Kyndryl. A track covering how to anticipate, protect, and recover from any security incident or operational disruption.

Three intense days, during which the children of the speakers were also considered, with special play and learning areas created for them. Additionally, Saturday was Family Day, featuring a ball pit, workshops for children, including one on robotics, available for all attendees to enjoy. Every evening concluded with a party, beerworking, and an electronic music session led by División Sonora and Mondo Sonoro.

Third Part of RootedCON: Hacker Night

One of the most exciting activities was Hacker Night, which started at 11:00 PM on March 7th. Over 100 hackers participated, spending the night hunting for the most atypical and sophisticated bugs and vulnerabilities. The results are currently being analyzed and are in the evaluation phase. A total prize pool of one million euros will be distributed among the winners. As of today, March 31, 2025, the results are still unavailable.

The End

After six intense days—by saying this, I mean the three days of training and then the three days of the Congress—the major event for the cybersecurity community in Spain has come to an end. It was a meeting point for experts, enthusiasts, and professionals who share a common vision and understand the importance of the field. It was a very special event where around 7,900 attendees, including myself, were able to enjoy excellent presentations prepared by speakers who are deeply involved in research and building secure technologies.

The event had a fantastic production, with attention paid to every detail. Not only did it offer a great opportunity to stay updated, but I could also see the vast 15 years of experience, along with the love and dedication of its organizers, evident in the numerous details aligned to provide an exceptional experience. It was also impressive to witness their commitment to the tech world and their defense of internet neutrality and freedom. We know that these values can quickly become distorted if not protected and if challenges, regulations, and interests of all kinds—especially economic ones—are not faced. This is one of the defining characteristics of RootedCON, a platform for knowledge and support for causes that defend our freedom on the Internet. Putting the human being and their rights at the center of technology has made it a key event in the tech sector.

Right now, preparations are already underway for the next edition, where you can participate as a speaker, volunteer, or attendee. It has been an immense pleasure to write this article, delving into many details of the unfolding of this event. “Memories bring the past back to life,” which means that I have already relived my experience several times through these lines. And yes, I ended up with the poster! I could not tear it off, but someone kindly gave it to me. At the end of the event, it is a tradition that assistants “steal” the signage, and some are raffled off. Many thanks to everyone who made it possible, and congratulations on the great work.

See you next time!

More: Cibersecurity talk with Sara Martinez.

Quotes:

1. Conversación con Alberto Rodríguez, organizador RootedCON.

2. “Tebas a quedar sin futbol”. Mesa Redonda. Román Ramírez, Omar Benbouazza, Ofelia Tejerina, Tomas Ledo Guerrero y Javier Maestre. Congreso RootedCON. Madrid. 7 de marzo 2025.

3. Jordi Pérez Colomé. (01 MAR 2025 – 05:20 CET). Por qué LaLiga se enfrenta a un gigante de internet por la piratería: “Tiran nuestras notificaciones a la papelera”. El País. https://elpais.com/tecnologia/2025-03-01/por-que-laliga-se-enfrenta-a-un-gigante-de-internet-por-la-pirateria-tiran-nuestras-notificaciones-a-la-papelera.html?

4. Juan Antonio Pascual Estapé. (9 mar. 2025 18:48h). Javier Tebas la lía: los bloqueos de LaLiga a Cloudflare tumban la web de la RAE, pero hay novedades. Computer Hoy. https://computerhoy.20minutos.es/internet/javier-tebas-lia-bloqueos-laliga-cloudflare-tumban-web-rae-pero-hay-novedades-1447206

Sources:

-Conversación con Alberto Rodríguez, organizador RootedCON

-Conversación con Carla Marín, Lorena González y Alejandra Villegas del Gabinete de Prensa https://nboca.es/

-“Tebas a quedar sin futbol”. Mesa Redonda. Román Ramírez, Omar Benbouazza,  Ofelia Tejerina, Tomas Ledo Guerrero y  Javier Maestre. Congreso RootedCON. Madrid. 7 de marzo 2025.

-Jordi Pérez Colomé. (19 FEB 2025 – 08:54 CET). Cloudflare lleva a los tribunales a LaLiga para evitar más bloqueos indiscriminados de páginas web. El País. https://elpais.com/tecnologia/2025-02-19/cloudflare-lleva-a-los-tribunales-a-laliga-para-evitar-mas-bloqueos-indiscriminados-de-paginas-web.html

– Javier Pastor. (17 Febrero 2025 Actualizado 18 Febrero 2025, 14:53). La batalla entre LaLiga y Cloudflare se está cobrando muchas víctimas. Ahora esas víctimas están uniendo fuerzas. Xataka. https://www.xataka.com/legislacion-y-derechos/bloqueos-ips-cloudflare-laliga-estan-pagando-justos-pecadores-justos-se-plantean-acciones-legales

-Juan Antonio Pascual Estapé. (9 mar. 2025 18:48h). Javier Tebas la lía: los bloqueos de LaLiga a Cloudflare tumban la web de la RAE, pero hay novedades. Computer Hoy. https://computerhoy.20minutos.es/internet/javier-tebas-lia-bloqueos-laliga-cloudflare-tumban-web-rae-pero-hay-novedades-1447206

-Jordi Pérez Colomé. (01 MAR 2025 – 05:20 CET). Por qué LaLiga se enfrenta a un gigante de internet por la piratería: “Tiran nuestras notificaciones a la papelera”. El País. https://elpais.com/tecnologia/2025-03-01/por-que-laliga-se-enfrenta-a-un-gigante-de-internet-por-la-pirateria-tiran-nuestras-notificaciones-a-la-papelera.html?

Images:

• Lena Iñurieta
• Comunicación con Imagen. https://nboca.es/. Estas fotos están identificadas con el nombre de la agencia.