And just like that, another phenomenal edition of NULLCON has come to an end! After 1.5 years of anticipation (thanks to the date changes), we finally made it to Goa earlier this month—the heart of Nullcon—for an unforgettable experience filled with hacking, learning, and connecting with the vibrant security community.
From thought-provoking talks to hands-on workshops, late-night hacking sessions, and endless networking, this edition was truly one for the books. In this blog, we’re diving into the highlights, key takeaways, and our favorite moments from Nullcon 2025. Let’s relive the experience!
But let’s be real — Nullcon isn’t just about the conference. It’s about the whole experience — from the road trip to Goa, the first conference session, the post-talk debates, and even the late-night brainstorming over chai. It’s the kind of event where you don’t just attend, you live it.
We were beyond excited to reconnect with old friends, make new ones, and dive into all things security. And with RedHunt Labs in full force this year, there was plenty to share, plenty to learn, and plenty of fun to be had.
So, here’s a glimpse of our Nullcon 2025 journey — talks, takeaways, parties, and everything in between. Buckle up!
RedHunt Labs had a solid presence with Shubham, Sudhanshu, Kunal, Krutarth, Aditya and me (Ashwin) in attendance. We spent the conference meeting people, exchanging ideas, and sharing what we’ve been building — and let’s just say, some amazing things are in the pipeline!
Personally, this year was extra special – because I was giving my first NULLCON talk on Supply Chain Security! 🔥
(and yes, I was in formals for the very first time, and low-key, it was fun! 🫣)
From the moment I stepped on stage to the last Q&A, it was a rollercoaster of excitement, nerves, and pure adrenaline. Talking about supply chain security in front of an engaged and curious audience was a surreal experience. The best part? The conversations that followed. Security pros, researchers, and engineers came up with interesting questions, new perspectives, and some great post-talk discussions that made the experience even more valuable.
Our CEO was interviewed by ISMG where he dived deep into Attack Surface Management, discussing its real-world applications, challenges, and why security teams need to start thinking beyond just asset inventories. Seeing the conversation spark so much interest was a clear sign that attack surface security is becoming a key focus for many organizations.
As always, Beyond the talks and interviews, some of the best insights came from impromptu hallway chats, heated debates, and late-night brainstorming sessions. As a team, we had the chance to catch up with old friends, meet brilliant new security minds, and soak in the buzz of fresh ideas—each of us walking away with unique perspectives and key takeaways from Nullcon 2025.
Here are our Insights from Nullcon 2025
- Proactive Security is the Future: More companies are moving beyond traditional reactive security models. AI and MLOps are being integrated into security workflows, with organizations experimenting with AI-driven threat detection and response strategies. Everyone has certain ideas and thoughts around the usage of AI for their day-to-day tasks. While mostly people are still brainstorming, a few have already done some experiments and are exploring options to fine-tune the outcomes.
- The Shift-Left Movement is Stronger Than Ever: Developers are stepping into security leadership roles, pushing for security-first development practices. The consensus? Security must be embedded into the SDLC from the start, not patched in later.
- Growing Interest in Attack Surface Management & Internet-Wide Scanning: We had exciting discussions with companies interested in our attack surface management product and internet-wide scanning capabilities. Many saw the potential for a more comprehensive approach to external threat visibility, sparking conversations around possible partnerships with RedHunt Labs.
- Bug Bounties Continue to Gain Traction: Organizations are investing more in bug bounty programs, recognizing them as an effective way to uncover vulnerabilities while rewarding ethical hackers. The community-driven approach is proving its value.
- Cybersecurity Regulations & Public-Private Partnerships: Government and industry leaders are actively shaping cybersecurity policies. From regulatory shifts to new compliance frameworks, there’s a growing focus on collaboration between the private sector and policymakers to strengthen security at a national level.
- Startups and Young Entrepreneurs Driving Innovation: The cybersecurity startup ecosystem is thriving, with fresh ideas reshaping how security is approached. Nullcon provided a platform to showcase groundbreaking solutions from rising entrepreneurs tackling modern security challenges.
- Emerging Threats Need New Defenses: AI-driven threat modeling, hardware security in automotive and IoT, and supply chain vulnerabilities were hot topics. The evolving attack landscape demands continuous adaptation and research-driven solutions.
We met tons of talented folks in security who were excited about what we’re building, exchanged ideas, and had some incredible conversations. (Side note: if you’re reading this and thinking, ‘This sounds like my kind of place’—well, we’re hiring! 😉)
As the event came to a close, we left with new knowledge, stronger connections, and a renewed enthusiasm to push the boundaries of security research. NULLCON 2025 was an unforgettable experience, and we’re already counting down the days until the next edition!
Nullcon 2025 may be over, but the learning, hacking, and brainstorming never stop! If you enjoyed the discussions, let’s take them forward. Curious about how Attack Surface Management can help your org? Let’s chat.