Opinions
Best of DragonJARCON 2025
Head of Research
Updated
Jan 20, 2026
5 min
Walking into El Tesoro Events Center in Medellín, Colombia, felt like stepping into a secret place. You descend several floors through the shopping mall, leaving behind the stores and everyday noise, until you reach a space with a completely different vibe. It's not the usual hum of an event, but the vibrant buzz of over 600 minds, all focused on decoding the present and future of cybersecurity.
All around me, a fascinating mix: seasoned professionals with years (even decades) of digital battles under their belts, university students with curious eyes, company leaders taking notes and surveying the room, and self-taught enthusiasts sharing coffee and ideas. On many t-shirts and bags, you could read a statement that captures the event's spirit: "Hacking is the New Sexy."
A little background on DragonJARCON
This was September 10 and 11, 2025. The twelfth edition of DragonJARCON, Colombia's most important cybersecurity conference, felt like the epicenter of a crucial conversation for Latin America. And while talks unfolded in the main hall, another 2,800 people followed every presentation online from different corners of the continent.
DragonJARCON's scale shows in the numbers: 12 consecutive editions since 2013, over 60,000 cumulative attendees, more than 160 speakers, and over 200 talks throughout the years. But the numbers only tell part of the story. What makes this conference unique is its commitment to technical content in Spanish. In a world where the best security conferences are usually in English, DragonJARCON has carved out a space where researchers from Argentina, Mexico, Spain, Brazil, Peru, Costa Rica, Bolivia, Uruguay, Colombia, and other Latin American countries share their findings in their native language. In 2025, 10 countries were represented on stage.
The 2025 agenda reflected the current state of cybersecurity: artificial intelligence applied to both offense and defense, privacy under siege, offensive security on new fronts, and the always eye-opening "war stories" from those on the digital front lines.
Each talk ran 50 minutes plus 10 for Q&A, just enough time to go deep on a topic without losing the audience's attention. But choosing between talks and challenges was just one of many dilemmas. Running simultaneously were the CTF (Capture The Flag), the AI challenge, and the lockpicking village.
I walked out of there with my head full of ideas and takeaways, but these are the three talks that stuck with me the most:
PwnSat: Satellites vulnerable by design to hack space (and understand it)
Romel Marín and Kevin León took the stage with an unexpected and innovative proposal: vulnerable-by-design satellites, made for learning to hack. Their PwnSat project isn't just a theoretical exercise—it's a real educational platform that lets you understand the fundamentals of satellite communications and their vulnerabilities.
At a point in history when thousands of satellites orbit the Earth and space infrastructure is becoming critical, understanding how to secure it (or compromise it) is no longer optional. The talk covered everything from radio frequency basics to concrete exploitation techniques and real attacks they've carried out, showing that the next big cybersecurity battleground might also be in space.
Memoirs of a forensic expert vol. XII
Lorenzo Martínez is already a familiar face at DragonJARCON. His Memorias de un Perito [Memoirs of a forensic expert] series reaches volume XII with the same formula that's made it legendary: real ransomware cases and other attacks, narrated with the pacing of a thriller and the technical precision of a forensic report.
This year, Lorenzo shared a couple of his most recent experiences: two stories of direct negotiation with apparently independent criminal groups, decisions made under pressure, and lessons you can only learn from experience when multiple companies have their servers encrypted and under attacker control. It's the kind of knowledge and storytelling that only an expert who's lived through it firsthand can deliver.
From coffee fields to hacking: A Colombian coffee picker's journey to hacker
Andrés Orozco's talk was a powerful reminder that cybersecurity talent can come from anywhere. He narrates his personal story: from coffee picker in the Colombian mountains to recognized ethical hacker. The talk is inspiring in itself, but the message Andrés works hard to convey is the concept of malicia indígena applied to hacking and life: that intuition and sharp common sense that lets you see attack angles others might easily overlook, but that can flip problems around to find the most creative solutions (or bypasses) of all.
Beyond the talks
DragonJARCON 2025 was a reminder of how the best security conferences go beyond talks. The CTF ran for two full days across the Web, Crypto, Forensics, Reversing, Pwn, FullPwn, and AI categories, and Cristian Vargas, one of our hacking team members, took first place. The AI challenge, a competition where you have to develop a revolutionary tool using LLMs, now in its second edition, was won by Cristian Tangarife with his LogAnalyzer. And finally, hands-on workshops covered everything from Android app reversing to Web Hacking 101.
Then there were the moments that don't appear on any agenda: conversations during coffee breaks, contacts exchanged over lunch, and ideas that sparked in the Lockpicking Village while someone wrestled with a particularly difficult lock.
One detail that caught my attention and deserves a special mention is the badge. This year's electronic badge was created by Electronic Cats and featured a programmable NFC device with an OLED screen, multiple LEDs, and a built-in hacking challenge. It wasn't just an ID, it was an open hardware project that those lucky enough to get one had a great time hacking. While all attendees received a cardboard event pass, only those who purchased one of the workshops got one of the 100 electronic badges that were made.
Tips for future attendees
If you're thinking about attending the next edition, here's what I learned:
Tickets
General admission for this edition was COP 550,000 (roughly USD 137.50), though early-bird buyers could get it for COP 450,000 (roughly USD 112.50). The ticket included access to both full conference days, the event kit (t-shirt, bag, and notebook), a digital attendance certificate, access to the villages, and all the networking opportunities. Workshops cost extra, and those who signed up also received the coveted electronic badge.
Before the event
Book a room near El Tesoro Events Center if you can: the shopping mall has a hotel (Novotel El Tesoro), making it the best spot to stay during the event. Also, the event runs from 8 AM to 6 PM, and you'll want to arrive well-rested.
Decide your strategy: will you prioritize talks or competitions like the CTF? It's hard to do both well, better to pick only one. That said, keep in mind that while talks are recorded, they're unique opportunities to interact with the speaker, ask questions, or even witness off-the-record moments.
Especially if you plan to compete, bring a laptop with a full charge and, if you have one, a portable charger for your phone.
Prepare a QR code with your LinkedIn or contact info to speed up networking.
Eat a good breakfast and bring snacks.
During the event
Make the most of coffee breaks and lunches for networking: the best connections happen outside the main hall.
Dare to compete: even if you don't win, you'll learn a ton.
Talk to the speakers: They're surprisingly approachable, and you can catch them after their talks or during breaks.
Visit the sponsor booths and the lockpicking village.
And above all: relax and enjoy. You're surrounded by your people.
Latin America has a vibrant, technically skilled cybersecurity community that's hungry for knowledge. In a world where digital threats don't respect borders or languages, having this space for exchange in Spanish isn't a luxury but a necessity.
See you at edition 13 in Medellin!
Get started with Fluid Attacks' PTaaS right now
Other posts
