Opinions
Best of PWNEDCR 0x08
Head of Research
Updated
Jan 21, 2026
5 min
Back in 2018, fewer than 100 people gathered at Universidad CENFOTEC in San Jose, Costa Rica. The goal was simple: bring together the old-school Costa Rican ethical hackers with the new wave of enthusiasts just discovering this world. That day, as they competed in the event's first CTF, nobody could have imagined what was coming.
Seven years later, I'm standing in front of more than 500 people at the National Auditorium. The stage is lit with green lights reminiscent of a terminal. The PwnedCR logo—a grinning skull with crossed bones, inherited from DEF CON's iconic imagery—watches over us from giant screens. And in my hand, an electronic badge that's already been hacked by at least three people in the CTF area.
PWNEDCR 0x08 had begun.
What does PWNEDCR mean?
DC11506: at some point, someone at DEF CON decided that number could connect a community. DCG 1 + 1 + 506 is the DEF CON Group with the international calling code to Costa Rica from the United States—the prefix that connects to the land of "Pura Vida."
From that group of hackers who met on the first Saturday of every month in Barrio Amón, PWNEDCR was born: Costa Rica's most important cybersecurity conference.
The philosophy has always been clear: from the community, for the community. It's 100% volunteer-run by DC11506 members, nonprofit, and offers content for all skill levels—from the student who just discovered what a CTF is to the pentester with years of experience. And most notably: eight consecutive editions with completely free admission.
Evolution
PWNEDCR has grown organically over the years. In 2019 (0x02), they added workshops to the conference. In 2020 and 2021, the pandemic forced them to go virtual, which had an unexpected upside: an international audience. Right around that time, at 0x04, an Argentinian nicknamed "Pepap1g" became the first foreigner to win the CTF.
Later, the long-awaited return to in-person events in 2022 (0x05) was a huge success: it brought in over 250 attendees and created the need for two parallel auditoriums for talks. By 2024 (0x07), attendance had grown to over 500 people and the event had expanded to two full days: Friday for workshops, Saturday for talks.
But 0x08 marked a turning point.
PWNEDCR 0x08
For the first time in eight years, the conference left its university venues behind. Its new home was the National Auditorium, located in the Costa Rican Center for Science and Culture, also known as the Children's Museum. A space with capacity for 700 people that gave the event the stage it deserved.
And so, on October 18 and 19, 2025, more than 650 attendees and 50 team members serving as speakers, trainers, hosts, and staff brought the event to life across three simultaneous tracks.
But numbers only tell part of the story. Here are some of the things that make PWNEDCR special:
The electronic badge isn't just interactive—it's hackable and part of the competition. It has hidden easter eggs and challenges built right into the CTF. If you didn't try to hack it, you missed half the fun.
The hexadecimal naming of each edition (0x01, 0x02… 0x08) is a nod to hacker culture, and every year it blends with a different visual theme while keeping the conference's spirit intact.
And then there's the cow. This is an inside joke from the CTF that shows up whenever a challenge is so difficult that nobody—or almost nobody—manages to solve it. If you see the cow, brace yourself for pain.
Side quests
Like any major conference, PWNEDCR isn't just about talks. The event has parallel activities that are often just as valuable as the main track.
The CTF reached its eighth edition. It was two days of in-person competition with prizes for the top three finishers: vouchers from TCM Security, Hack The Box, and CompTIA. The format was Jeopardy-style with challenges ranging from beginner-friendly to "the cow."
Workshops were free but had limited capacity—you had to line up to secure a seat. There were four on Saturday and three on Sunday, covering topics from ESP32 sniffing to forensic analysis of Windows DMP files for credential extraction. On top of that, a pre-conference training session on Windows privilege escalation was offered for USD 45, lasted six hours, and helped fund the 0x08 edition.
Beyond the purely technical stuff, this year introduced Speed Interviews: quick chats with recruiters from the event's sponsors. These required separate registration, had specific time slots, and according to later feedback, some people landed formal interview processes directly from the event.
Among the live meetups, 0x08 also featured a Root Sisterhood gathering (the women in cybersecurity community) and a meetup for the local Hack The Box chapter.
And for fans of hands-on activities—because what's a hacking conference without one—there was the Lockpicking Village: padlocks, locks, handcuffs, and enough stickers to cover an entire laptop.
The talks
At PWNEDCR, focusing solely on the talks, 29 speakers led the event's three tracks. With presenters from seven different countries, 28% of us were international.
To capture a bit of what made this edition special, here are my picks for the 3 best talks at PWNEDCR 0x08:
"Adversarial Malware: Self-Mutating Payloads with GANs and Reinforcement Learning" by Alexander Botero, Offensive Security Lead at Cyber Sector
Alexander showed how artificial intelligence has changed the rules of the offensive game. He explained a technical architecture where two neural networks (generative adversarial networks, GANs) compete against each other—one creating malware, the other judging it—combined with reinforcement learning to reward successful evasion. The result? A live demo of payloads that automatically mutate until they achieve zero detections on VirusTotal, proving that traditional signature-based and static heuristic controls are on borrowed time.
"I Wasn't a Hacker... Until I Was" by Esteban Araya, Cybersecurity Lead at Techcore Group
Sometimes the most memorable talks aren't the most technical ones. Esteban shared his personal journey—from working at a call center and accidentally buying a hacking course (he was looking for an Excel one) to becoming a Cybersecurity Lead. It was a raw session about the reality of impostor syndrome, the importance of soft skills, and how discipline beats motivation. A reminder that in this industry, credentials matter less than curiosity and persistence.
"Red Route: Silent Red Team Techniques for Full AD Takeover" by Omar Palomino, Offensive Security Engineer & Pentester at Kunak Consulting
Omar came from Peru with a premise: "There's always a mistake—it's just a matter of sniffing it out." Through live demos and plenty of humor, he demystified Active Directory security by executing advanced techniques like NoPac (machine account spoofing), gMSA credential extraction, silent DCSync, and RDP session hijacking via services.
Beyond the technical content and step-by-step explanations, Omar left us with a profound message: he warned about the danger of "immediacy" in newer generations, reminding us that no automated tool replaces deep understanding of a vulnerability. His conclusion was a life lesson for the Red Team: success isn't in hitting Enter—it's in having the patience to enjoy the process of failing repeatedly until you find that gap that inevitably exists.
See you at 0x09
This isn't the end.
After the two days of 0x08, I walked back across the National Auditorium. The electronic badge hanging from my neck was no longer a mystery—its secrets extracted, its challenges solved, its easter eggs discovered by dozens of curious minds.
In an ecosystem where cybersecurity conferences keep getting more expensive, PwnedCR is a reminder of how it all started: a group of hackers who simply wanted to share knowledge.
Now you know: October 2026. San José, Costa Rica. PwnedCR 0x09.
Pura Vida.
Get started with Fluid Attacks' PTaaS right now
Other posts
