The DFex Congress 2025, to be held on June 2 and 3, 2025, will bring together cybersecurity experts from the academic, industrial, and Law Enforcement Agencies (LEAs) to explore the latest advancements in application reverse engineering, vulnerability analysis and exploitation, and digital forensic analysis.
The final schedule for June 2 and June 3 is published. This information is subject to possible changes. Workshops will take place in the afternoon. Participants are kindly requested to bring their own laptop.
AGENDA – June 2, 2025
| Time | Talk title | Speaker |
|---|---|---|
| 09:00-09:30 | Registration | |
| 09:30-10:00 | Inaugural Talk | Organization Committee |
| 10:00-11:00 | Keynote 1: “Unlocking Evidence: Digital Forensics at Work in Europe” | Iwen Coisel (Europol) |
| 11:00-11:30 | Coffee Break | |
| 11:30-12:00 | “From Research to Security: Real-World Threats and the Evolving Challenge of Detection” | Miguel Hernández (SysDig) |
| 12:00-12:30 | “CyberUP: How to Turn a Cybersecurity Idea into a Real Project” (in Spanish) | Sara Santolaria Sampietro (CEEI Aragón) |
| 12:30-13:00 | “Malware Sandbox Comparison (Work in Progress)” | Razvan Raducu (UNIZAR) |
| 13:00-13:30 | “Time traveling with network captures” | Néstor Salceda (Safetybits) |
| 13:30-15:00 | Lunch | |
| 15:00-17:00 | “Into the Shadows – A Journey Through Malware Analysis and Memory Forensics for Incident Response” (workshop) | Ricardo J. Rodríguez (UNIZAR) |
AGENDA – June 3, 2025
| Time | Talk title | Speaker |
|---|---|---|
| 09:00-09:30 | “Techniques and Tools for Bitcoin Cybercrime Intelligence” | Gibran Gómez (IMDEA Software) |
| 09:30-10:00 | “What Vendor Security Advisories Reveal About IoT Vulnerability Management” | Sergio Ruiz-Villafranca (UCLM) |
| 10:30-11:00 | “The New Frontier of Pentesting: AI, APTs, and the ATT&CK Framework” | José Luis Ruiz (UCLM) |
| 11:00-11:30 | Coffee Break | |
| 11:30-12:30 | Keynote 2: “Hacking around with Satellite, Aerospace, Avionics, Maritime, Drones: Crashing/Exploiting at the speed of SDR” | Andrei Costin (University of Jyväskylä, Finland) |
| 12:30-13:30 | “Malware-as-a-Service: The Rise of Cybercrime Commoditization” | Guillermo Suárez-Tangil (IMDEA Networks) |
| 13:30-15:00 | Lunch | |
| 15:00-17:00 | “From TLS to Tor: An Overview of Privacy, Anonymity, and the Hidden Layers of the Web” (workshop) | Sergio Pastrana (UC3M), Narseo Vallina-Rodríguez (IMDEA Networks), Juan Tapiador (UC3M) |
DFeX 2025 will take place at the University of Zaragoza, in the EINA School of Engineering and Architecture (in Salón de Actos of Ada Byron Building).
Registration for DFeX 2025 is now open — simply visit the link below to sign up. Participation is free of charge!
You can access the registration form through this link.
|
Dr. Iwen Coisel received his Ph.D. in cryptography from Orange Labs in 2009. He worked as a researcher at UCLouvain and later as a Scientific Project Officer at the European Commission’s Joint Research Centre. Since 2021, he has been a digital forensic examiner at Europol’s European Cybercrime Centre, focusing on decryption of digital evidence. His interests include password cracking, cryptography, digital forensics, quantum computing, and NLP. He is part of the Hashtopolis development team and helped create the ECTEG Decrypt Advanced course, where he also serves as a trainer. |
|
Miguel Hernández, Sr. Threat Research Engineer at Sysdig, is a lifelong learner passionate about innovation. Over the past decade, Miguel has honed his expertise in security research, leaving his mark at prominent tech companies and fostering a spirit of collaboration through personal open-source initiatives. Miguel has been a featured speaker at cybersecurity conferences across Europe, such as HITB, HIP, CCN-CERT, RootedCon, TheStandoff, and DeepSec. |
|
An expert in innovation ecosystems, she has been designing and developing business incubation and acceleration programs for over 10 years. She is currently Project Manager at CEEIARAGÓN, where she leads the INCIBE Emprende Program to boost the National Cybersecurity Industry. |
|
Razvan Raducu is currently on the verge of completing his Ph.D. under the supervision of Dr. Ricardo J. Rodríguez and Dr. Pedro Álvarez at the Universidad de Zaragoza, Spain. His main research interests lie in malware behavioral analysis and vulnerability detection. Beyond academia, he is interested in low-level stuff and he contributes with educational content via his YouTube channel, GitHub profile, and personal website under the alias RazviOverflow. |
|
Néstor Salceda (he/him) is the Founder and CEO of Safety Bits. Under his leadership, Safetybits is dedicated to empowering organizations to protect their operations through cybersecurity solutions and expertise focused on operational technology. Néstor is also recognized in the tech community for his contributions to open-source projects such as Kubernetes, Helm, and Falco. |
|
Ricardo J. Rodríguez is an Associate Professor at the University of Zaragoza, Spain, with a Ph.D. in Computer Science and Systems Engineering from the same institution. He has participated in multiple EU and national projects, serving as Principal Investigator on both locally and industry-funded initiatives. He is currently leading several R&D projects, including those funded by the Spanish Ministry of Science and Spanish National Cybersecurity Institute (INCIBE). His research interests include digital forensics, program binary analysis, and system security. Dr. Rodríguez has also served in various roles in international conferences and journals, including as co-Conference Chair for DFRWS EU 2024. |
|
Gibran Gomez is a cyber-security researcher at the IMDEA Software Institute. His research lives within the intersection between computer security, malware analysis, blockchain technologies, and machine learning. He has developed novel methodologies for identifying malware families that abuse securing protocols like TLS or blockchain technologies like Bitcoin, as well as tracing techniques leading to their attribution. He obtained his Ph.D. from Universidad Politécnica de Madrid (UPM) under the supervision of Dr. Juan Caballero. |
|
Sergio Ruiz Villafranca has received recently his PhD in Advanced Information Technologies from University of Castilla-La Mancha. In 2021, he joined into the cybersecurity group, where actually he is an Postdoctoral Researcher. His research interests are related to cybersecurity, especially Industrial Internet of Things, machine learning for anomaly detection as well as computer forensics. |
|
José Luis Ruiz Catalán is a member of the Security and Auditing Group (GSyA) at the University of Castilla-La Mancha (UCLM), where he conducts applied research in cybersecurity risk analysis, assessment, and mitigation. He holds a Professional Master’s Degree in Cybersecurity Management, Ethical Hacking, and Offensive Security, as well as a Bachelor’s Degree in Computer Engineering. His technical expertise is supported by certifications in both offensive and defensive cybersecurity from institutions such as TryHackMe, HackTheBox, ISACA, Harvard, and Certiport. He is currently involved in various R&D projects and has several research papers in progress focused on cybersecurity risk management in critical environments. |
|
Dr. Andrei Costin is currently a Senior Lecturer/Assistant Professor in Cybersecurity at University of Jyväskylä (Central Finland), with a particular focus on IoT/firmware cybersecurity and Digital Privacy. He received his PhD in 2015 from EURECOM/Telecom ParisTech under co-supervision of Prof. Francillon and Prof. Balzarotti. Dr. Costin has been publishing and presenting at more than 50 top international cybersecurity venues, both academic (Usenix Security, ACM ASIACCS, etc.) and industrial (BlackHat-series, CCC, HackInTheBox, POC, SecWest-series, etc.). Besides the MFCUK MiFare Classic card key recovery tool (incl. Kali, proxmark), he is also the author of the first practical ADS-B attacks (BlackHat 2012) and has literally established the large-scale automated firmware analysis research areas (Usenix Security 2014) - these two works are considered seminal in their respective areas, being also at the same time most cited in their research fields. Dr. Costin is also the CEO/co-founder of Binare.io, a deep-tech cybersecurity spin-off from University of Jyväskylä, focused on innovation and tech-transfer related to (I)IoT cybersecurity/firmware/devices, as well as avionics/aerospace/space cybersecurity. |
|
Guillermo Suarez-Tangil is an Assistant Professor at IMDEA Networks Institute and Ramon Y Cajal Fellow. His research focuses on systems security and malware analysis and detection. In particular, his area of expertise lies in the application of data-driven approaches to understand and mitigate real-world problems in cybersecurity. Guillermo also holds an honorific position at King’s College London (KCL) as an Assistant Professor, where he has been part of the Cybersecurity group since 2018. Before joining KCL, he was a senior research associate at University College London (UCL), where he explored the use of program analysis to study malware. He has also been actively involved in other research directions aiming at detecting and preventing Mass-Marketing Fraud (MMF) and security and privacy on the social web. |
|
Sergio Pastrana is associate Professor at the Computer Security Lab from the University Carlos III of Madrid. Formerly, he worked in the Cambridge Cybercrime Centre from the University of Cambridge. His research interests are manyfold through the field of cybersecurity and cybercrime. He received a PhD in Computer Science and Technology in 2014 by University of Carlos III de Madrid. His works have been published in top security conferences and journals, including IEEE S&P, ACSAC, RAID, IMC or PETS. |
|
Dr. Narseo Vallina-Rodríguez (Ph.D., University of Cambridge, 2014) is an Associate Research Professor at IMDEA Networks Institute in Spain, where he leads the Internet Analytics Group (IAG). He is also a Ramón y Cajal Fellow and co-founder of AppCensus, a U.S.-based startup specializing in large-scale privacy analysis of mobile applications. His research focuses on network measurements, online privacy, and cybersecurity, integrating both technical and regulatory perspectives. Dr. Vallina-Rodríguez has received several prestigious awards, including the “Young Investigators” Medal from the Royal Academy of Engineering of Spain in 2023, the Emilio Aced Award from the Spanish Data Protection Agency (AEPD) in 2019, 2020, and 2021, the CNIL-INRIA Privacy Protection Award in 2019 and 2021, the Caspar Bowden Award in 2020, and the IETF/IRTF Applied Networking Research Award in 2016. His work has also earned best paper awards at leading international conferences such as the IEEE Symposium on Security & Privacy, USENIX Security, and ACM IMC. Dr. Vallina-Rodríguez acknowledges that these accomplishments are the result of collaborative efforts and would not have been possible without the contributions of his talented students and collaborators. |
|
Juan Tapiador is Professor of Computer Science at Universidad Carlos III de Madrid, Spain, where he leads the Computer Security (COSEC) Lab. His research focuses on computer security and privacy, with emphasis on malware, cyberattacks, and systems security. He has been the recipient of the best paper award at the 41st IEEE Symposium on Security and Privacy and two annual privacy research prizes by the Spanish (AEPD) and French (CNIL) regulators. His research has been covered by international media, including The Times, Le Figaro, Wired, and The Register. He is Associate Editor for Computers & Security and served on the TPC of USENIX Security, NDSS, IMC, Euro S&P, DIMVA, ESORICS, and ASIACCS. |
We invite the cybersecurity community to submit work proposals, presentations, and technical workshops for the DFeX 2025 congress.
The submitted works and workshops should address topics related to:
The congress will include technical workshops aimed at providing participants with practical knowledge. These workshops should feature live demonstrations, interactive exercises, or technical labs aligned with the thematic areas of the conference.
Proposals will be evaluated by a scientific committee based on the following criteria:
To facilitate the participation of experts from around the world, remote presentations will be allowed. Speakers opting for this modality must submit a pre-recorded video of their presentation and be available to answer questions live.
Selected speakers attending in person may apply for partial or full travel expense funding, subject to the availability of funds.
To submit your proposal, use the EasyChair form. Make sure to include a brief resume of the author(s).
For presentations, submit the title, description, keywords, and an extended abstract (maximum 2 pages).
All contributions (which can be in Spanish or English) will follow
the IEEEtrans style, similar to the format used by the
National Cybersecurity Research Days, in both Latex and MS WORD
formats (plantillas).
For workshops, submit the title, description, keywords, and a PDF document containing the following information:
This congress is aimed at:
For questions or more information, contact us at reverseame@unizar.es.
This initiative is part of the Recovery, Transformation, and Resilience Plan, funded by the European Union (Next Generation), a project by the Government of Spain that sets the roadmap for modernizing the Spanish economy, recovering economic growth, creating employment, achieving robust, inclusive, and resilient economic reconstruction after the COVID-19 crisis, and addressing the challenges of the next decade.
