CODE BLUE 2025: Japan’s Premier Cybersecurity International Conference, Announces Timetable with 29 Talks Selected from CFP

The CODE BLUE Executive Committee announced the timetable for the international cybersecurity conference, CODE BLUE 2025 (Training: November 16-17, Conference: November 18-19 in Takadanobaba, Shinjuku-ku, Tokyo).

CODE BLUE 2025

This year’s Call for Papers (CFP) received over 550 submissions from both domestic and international applicants. After a rigorous selection process, 29 sessions were chosen. The themes cover a wide range of topics, including security of consumer devices such as Google Pixel, Samsung Galaxy, and Amazon Kindle; remote code execution (RCE) vulnerabilities affecting multiple automakers; trends in cybercriminal groups and state-sponsored threat actors; and discussions by international legal experts on the Act on the Enhancement of Cyber Response Capabilities, among others.

Day 1 will focus primarily on security technologies. Talks include vulnerabilities discovered in the AI-processing coprocessors (NPUs: Neural Processing Units) of System on Chip (SoC) in devices like Google Pixel and Samsung Galaxy; a vulnerability in the macOS Core Audio system daemon uncovered through a unique fuzzing technique; and the construction of an exploit chain targeting vulnerabilities in a Bluetooth stack used by multiple automakers. Each talk is backed by deep technical analysis that highlights the serious impact of these issues.

Additionally, the day will conclude with a special session themed “AI and the Future” (details to be announced later).

Day 2 will cover topics such as countermeasures against cybercrime and trends involving state-sponsored threat actors. Talks by researchers who have conducted detailed analyses of platforms and deepfake techniques used by threat actors will provide defenders with new insights and practical understanding. Additionally, in connection with the closing keynote by Mr. Iida from the National Cybersecurity Office (NCO), two talks will examine the Act on the Enhancement of Cyber Response Capabilities from multiple perspectives. One talk will feature an international legal scholar’s review of the law, while the other will offer a comparative study by legal experts from Japan and the United States. As efforts in cybersecurity and national security intensify, these sessions are expected to offer important implications.

The conference venue is divided into Tracks1-3, with Track1 featuring the main track talks, Track2 featuring "U25" talks by speakers under 25 years old and "Open Talks” by sponsor company. Track3 will feature "Bluebox," which will introduce open source tools and projects. (Details of of Open Talks by sponsor company will be announced later)

Well-Attended Keynote Speech at CODE BLUE 2024 

(by David A. Dalrymple)

■Track 1 Timetable (Main Track)

●Day 1 (November 18)

Start time  Lecture titles (Speaker *Honorific titles omitted)

09:00 <Opening Keynote> Bend the Machine:

　　　The Hacker Path to Autonomy in the Real World

　　　 (David Brumley)

09:00 <Opening Keynote> Bend the Machine:

　　　 The Hacker Path to Autonomy in the Real World

　　　（David Brumley）

09:55 AI Accelerated Exploiting: 

　　　Compromising MTE Enabled Pixel from DSP Coprocessor

　　　（Pan Zhenpeng／Jheng Bing Jhong）

10:50 Dancing with Exynos Coprocessor: 

　　　Pwning Samsung for fun and “profit”

　　　（Jheng Bing Jhong／Muhammad Ramdhan／Pan Zhengpeng）

11:40 Practical Automation of Penetration Testing with Agentic AI

　　　（Hiroaki Toyota）

13:30 Don't judge an audiobook by its cover: 

　　　taking over your Amazon account with a Kindle

　　　（Valentino Ricotta）

14:20 Cache the Frames, Catch the Vulnerabilities in Kernel Streaming

　　　（Angelboy）

15:20 Breaking the Sound Barrier: 

　　　Exploiting CoreAudio via Mach Message Fuzzing

　　　（Dillon Franke）

16:10 How to Hack Any Micro-controller with a Raspberry Pi Pico. 

　　　Easy Fault-Injection by Traffic Mocking

　　　（Tongren Chen）

17:00 PerfektBlue: Universal 1-click Exploit to Pwn Automotive Industry 

　　　- Mercedes-Benz, Volkswagen, Skoda

　　　（Mikhail Evdokimov）

17:50Special Session on AI and the Future（Details to be Announced）

●Day 2 (November 19)

Start time  Lecture titles (Speaker)

09:00 Dissecting FINALDRAFT:

　　　 Gaining from state-supported multi-platform backdoors

　　　 Practical Intelligence from State-Supported Multi-Platform Backdoors

　　　 (Salim Bitam)

09:00 Dissecting FINALDRAFT: Actionable Intel from 

　　　a State-Sponsored Multi-Platform Backdoor

　　　（Salim Bitam）

09:50 Niladri Sekhar - Deepfake

　　　（Niladri Sekhar Hore）

10:40 Cloud-Wide Contamination: 

　　　Chaining SSRFs for Tenant Compromise in Azure (CVE-2025-29972)　　　　　　　　　

　　　（Vladimir Tokarev）

11:30 Exploiting Blind Memory Corruption in Cloud Services

　　　（Anthony Weems/ Stefan Schiller/ Simon Scannell）

13:20 Invitation Is All You Need! Invoking Gemini for Workspace 

　　　Agents with a Google Calendar Invite

　　　（Or Yair/ Ben Nassi/ Stav Cohen）

14:10 Behind the Screen: 

　　　Unmasking North Korean IT Workers' Operations and Infrastructure

　　　（Stty K）

15:00 State Sponsored “Cyber Warriors” 

　　　- North Korean Remote IT Workers

　　　（Alexander Leslie/ Scott Kardas）

16:00 The CCEL and the Thin Line Between Cyber Defence and Pre-emption:

　　　 Japan's Legal and Strategic Pivot

　　　（Andrea Monti）

16:50 The comparative study of offensive cyber operation

　　　- Noudouteki cyber bougyo v.Hunt forward

　　　（Ikuo Takahashi/ Morgan Peirce）

17:40 Closing Keynote（Details to be Announced）

　　　（Yoichi Iida）

■Track2 Timetable (U25 Only)

●Day 2 (November 19)

Start time  Lecture titles (Speaker)

9:00 Bypassing Anti-Debugging: 

　　  A Hybrid Real-Simulated Approach to Rootkit Analysis

　　 （Yong-Xu Yang/ Heng-Ming Fan/ Yu Xuan Luo）

9:50 BOOTKITTY: Multi-OS Trust Chain compromise from Bootkit to Rootkit　　　　　　

　　　（Junho Lee/ HyunA Seo）

■Track3 Timetable (Bluebox)

●Day 1 (November 18)

Start time  Lecture titles (Speaker)

10:00 Azazel System for Emergency Shelters: 

　　　Rapid-Deploy Portable SOC/NOC on Raspberry Pi

　　　（Makoto Sugita）

11:00 BIN2TL: Visualizing Program Dynamics with Perfetto

　　　（Michael Telloyan）

13:00 Build Your Own Pivoting Lab: 

　　　A Starting Point for Internal Network Exploration

　　　（Francisco Canteli）

14:00 Proposal and Implementation of a Reduced Assembly Set Compiler 

　　　for Enabling CPU Security Measures

　　　（Hiroaki Sakai）

15:00 GHARF：GitHub Actions RedTeam Framework

　　　（Yuuki Matsumoto/ Yusuke Kubo）

●Day 2 (November 19)

Start time  Lecture titles (Speaker)

10:00 Introduction to CICDGuard 

　　　- Orchestrating visibility and security of CICD ecosystem

　　　（Pramod Rana）

11:00 Mind the Gaps: Detecting What You Miss in Windows Event Logs

　　　 (and Fixing It!)

　　　（Fukusuke Takahashi/ Zach Mathis）

13:00 TOAMI (Casting Net): 

　　　A Browser Extension Tool for Supporting Phishing Hunters

　　　（Yuichi Tsuboi）

14:00 Uncovering the Past: Reconstructing File Activity 

　　　from Ext4 and XFS Journals

　　　（Minoru Kobayashi）

15:00 YAMAGoya: Open Source Threat Hunting Tool using YARA and SIGMA　　　

　　　（Shusei Tomonaga/ Tomoya Kamei）

*The titles of the talks and speakers' names are subject to change.

*For details of the timetable, please visit the official website below. Please note that the program is subject to change.

https://codeblue.jp/en/program/time-table/

■Notice of Partial Cancellation of Contests and Workshops

Among the contests and workshops originally planned for CODE BLUE 2025, the “Drone Hacking” workshop has been cancelled. We sincerely apologize to everyone who was looking forward to it.

Other contests and workshops will proceed as scheduled, featuring a wide range of exciting themes. Additional programs will be announced as they are confirmed, so please stay tuned.

For the latest information, please visit our official website.

https://codeblue.jp/en/program/contests-workshops/

■CODE BLUE 2025 Overview

Date: November 16th (Sunday) to November 19th (Wednesday), 2025

Organizer: CODE BLUE Executive Committee

Operation: CODE BLUE Secretariat (BLUE Co., Ltd.)

Language: Japanese-English simultaneous interpretation available* 　　　　             　         (*excluding some talks)

Format: In-person

【Training】

Date: November 16th (Sunday) to November 17th(Monday), 2025

  (Each course is subject to a minimum number of participants)

Venue: Bellesalle Shinjuku Minamiguchi 

　　　 (Sumitomo Fudosan Shinjuku Minamiguchi Building 4F)

*Please refer to the Training page of the official website for the participation fee and details of each course.

(Japanese) https://codeblue.jp/program/trainings/

(English) https://codeblue.jp/en/program/trainings/

【Conference】 

Date: November 18th (Tuesday) to November 19th (Wednesday), 2025

Venue: Bellesalle Takadanobaba

　    　(Sumitomo Fudosan Shinjuku Garden Tower B2/1F)

Price: 

 1.Conference Ticket

(Full Access to All Areas, Including the Networking Party)

　  <Regular Price> 98,000 yen (tax incl.): June 1st - Nov 11th

　  <On Site> 128,000 yen (tax incl.): Nov 18th - Nov 19th

2. Visitor Ticket

(Access Limited to Select Areas, No Participation in Main Track or Networking Parties)

　 <Regular Price> 28,000 yen (tax incl.): June 1st - Nov 11th

　  <On Site> 32,000 yen (tax incl.): Nov 18th - Nov 19th

Registration:

Please register from the Registration page on the official website.

(Japanese) https://codeblue.jp/registration/

(English) https://codeblue.jp/en/registration/

(Press) https://codeblue.jp/en/registration/press-registration/

■About CODE BLUE

CODE BLUE is an international cybersecurity conference that brings together top-class experts from Japan and around the world. Now in its 13th edition, the conference offers cutting-edge presentations by cybersecurity specialists, as well as opportunities for information exchange and networking that transcend national and language barriers. By gathering world-class experts active in diverse fields, CODE BLUE aims to invigorate and strengthen security collaboration across Asia, including Japan. The conference also seeks to discover and support talented young researchers from Japan and other Asian countries, encouraging them to step onto the global stage.

Official Site: https://codeblue.jp/en/

SNS:［X(formerly Twitter)］ https://twitter.com/codeblue_jp

　　 ［Facebook］ https://facebook.com/codeblue.jp

        ［LinkedIn］https://www.linkedin.com/company/codeblue-jp

■ About Sponsorship

We are looking for sponsors for CODE BLUE 2025. (Please note that some sponsorship tiers are no longer available.) 

If you are interested in becoming a sponsor, please feel free to contact us via the inquiry form below, and we will send you the sponsorship materials.

[CODE BLUE Sponsor Inquiry Form]

https://forms.gle/hgjXCrH1GMKNFc9C9