CODE BLUE 2025: Japan’s Premier Cybersecurity International Conference Announces Full Program, Including Sponsor Sessions; Online Registration Open Until November 11
- Registration Now Open for Expert-Led Training Sessions -
CODE BLUE Executive Committee
The CODE BLUE Executive Committee announced the complete program for the international cybersecurity conference, CODE BLUE 2025 (Training: November 16-17; Conference: November 18-19 in Takadanobaba, Shinjuku-ku, Tokyo), including sessions presented by sponsor companies.
CODE BLUE 2025
From November 16 to 17, four training sessions will be held, followed by the main conference on November 18 and 19. The conference will feature a wide range of programs, including talks, contests, workshops, and exhibitions by sponsor companies. A networking party is also scheduled for the final day, November 19.
The conference offers a diverse lineup of talks covering multiple perspectives—from hacking popular consumer devices and analyzing the activities of state-sponsored threat actors to a legal scholar’s insights into the Act on the Enhancement of Cyber Response Capabilities.
At the end of Day 1, a panel discussion will bring together experts to exchange views on the current state and future of AI and cybersecurity. Speakers include members of the top-ranking teams from the finals of the “AI Cyber Challenge (AI×CC)”, a competition hosted by the Defense Advanced Research Projects Agency (DARPA) at DEF CON in Las Vegas, USA, this summer, along with David Brumley, a key contributor to the contest and a keynote speaker at CODE BLUE 2025.
The training program offers four courses, covering topics such as AI agent security and Windows event log analysis. Participants will have the opportunity to learn practical skills directly from specialists working on the front lines of cybersecurity. In addition, training participants will receive CODE BLUE conference tickets, allowing them to deepen their knowledge through both hands-on training and conference sessions.
Furthermore, in addition to the nine contest and workshop programs already announced, three new workshops organized by sponsor companies have been added to the lineup. All of these programs are open to all CODE BLUE participants.
Scene from CODE BLUE 2024
<Program List>
■ Trainings (November 16–17)
-AI Agent Security Masterclass
-Hacking Modern Web & Desktop apps: Master the Future of Attack Vectors
-Advanced Windows Event Log Analysis and Threat Hunting with Yamato Security Tools
-Advanced Decompiler & Programming Techniques with IDA Pro (changed to online format)
*For more details, please visit the official website:
https://codeblue.jp/en/program/trainings/
■ Conference (November 18–19)
■Track 1 Timetable (Main Track)
●Day 1 (November 18)
Start time Lecture titles (Speaker *Honorific titles omitted)
09:00 <Opening Keynote> Bend the Machine:
The Hacker Path to Autonomy in the Real World
(David Brumley)
09:55 AI Accelerated Exploiting:
Compromising MTE Enabled Pixel from DSP Coprocessor
(Pan ZhenPeng/ Bing-Jhong Jheng)
10:50 Dancing with Exynos Coprocessor:
Pwning Samsung for fun and “profit”
(Bing-Jhong Jheng/ Muhammad Ramdhan/ Pan ZhengPeng)
11:40 Practical Automation of Penetration Testing with Agentic AI
(Hiroaki Toyota)
13:30 Don't judge an audiobook by its cover:
taking over your Amazon account with a Kindle
(Valentino Ricotta)
14:20 Cache the Frames, Catch the Vulnerabilities in Kernel Streaming
(Angelboy Yang)
15:20 Breaking the Sound Barrier:
Exploiting CoreAudio via Mach Message Fuzzing
(Dillon Franke)
16:10 How to Hack Any Micro-controller with a Raspberry Pi Pico.
Easy Fault-Injection by Traffic Mocking
(Tongren Chen)
17:00 PerfektBlue: Universal 1-click Exploit to Pwn Automotive Industry
- Mercedes-Benz, Volkswagen, Skoda
(Mikhail Evdokimov)
17:50 Panel Discussion:The Present and Future of AI and Security (TBD)
(David Brumley/ Evan Downing/ Minwoo Baek/ Tyler Nighswander)
●Day 2 (November 19)
Start time Lecture titles (Speaker)
09:00 Dissecting FINALDRAFT: Actionable Intel from a State
-Sponsored Multi-Platform Backdoor
(Salim Bitam)
09:50 Deepfake
(Niladri Sekhar Hore)
10:40 Cloud-Wide Contamination:
Chaining SSRFs for Tenant Compromise in Azure (CVE-2025-29972)
(Vladimir Tokarev)
11:30 Exploiting Blind Memory Corruption in Cloud Services
(Anthony Weems/ Stefan Schiller/ Simon Scannell)
13:20 Invitation Is All You Need!
Invoking Gemini for Workspace Agents with a Google Calendar Invite
(Or Yair/ Ben Nassi/ Stav Cohen)
14:10 Behind the Screen:
Unmasking North Korean IT Workers' Operations and Infrastructure
(Stty K)
15:00 State Sponsored “Cyber Warriors”
— North Korean Remote IT Workers
(Alexander Leslie/ Scott Kardas)
16:00 The CCEL and the Thin Line Between Cyber Defence and Pre-emption:
Japan's Legal and Strategic Pivot
(Andrea Monti)
16:50 The comparative study of offensive cyber operation
-Noudouteki cyber bougyo v.Hunt forward
(Ikuo Takahashi/ Morgan Peirce)
17:40 Closing Keynote(TBA)
(Yoichi Iida)
■Track2 Timetable (Track 2 Schedule: U25/ Open Talks by Sponsor Companies)
●Day 1 (November 18)
Start time Lecture titles (Speaker)
10:00 Agentic Web Security
(Mitsui Bussan Secure Directions, Inc. Isao Takaesu)
10:40 Offense-Driven Defense:
Challenging Uncharted Technologies through AI
(NRI SecureTechnologies, Ltd. Kenji Kakimoto)
11:20 Fire Ant:
A Chinese Espionage Group Operating Beneath the Hypervisor
(Sygnia Consulting Ltd. Asaf Perlman)
12:00 How We Built a Secure Sandbox Platform for AI Agents
(GMO Flatt Security Inc. pizzacat83)
13:30 AI Scorches Everything: Angel, Demon, or Something Else?
(GMO Internet Group, Inc. Daiki Fukumori)
14:25 AI Security in Practice:
From Adversarial Injections to Guardrail Defenses
(CyCraft Japan Corporation Renata Chang)
15:05 Focus on "REAL" vulnerability
- Prioritizing What Truly Matters in Security
(S2W Inc. Jongheon Yang)
15:45 Profile of an IoT Vulnerability Likely to be Exploited:
An Empirical Study Using Honeypots and OSINT
(Panasonic Holdings Corporation Kohei Taguchi/ Manabu Nakano)
16:40 Part I: Education and Training for Organizational Resilience
and Its Context
(Hitachi Systems, Ltd. Akira Orita)
Part II: Geopolitical Risks Related to Cyber Domain Issues
(Bonji Ohara, Senior Fellow, Sasakawa Peace Foundation)
■Track2 Timetable (U25 Only)
●Day 2 (November 19)
Start time Lecture titles (Speaker)
9:00 Bypassing Anti-Debugging:
A Hybrid Real-Simulated Approach to Rootkit Analysis
(Yong-Xu Yang/ Heng-Ming Fan/ Yu Xuan Luo)
9:50 BOOTKITTY: Multi-OS Trust Chain compromise
from Bootkit to Rootkit
(Junho Lee/ HyunA Seo)
10:50 Developing AI Agents for Security Operations:
The Need for Cyber Threat Intelligence Tailored to Each Industry
and Organization
(NEC Corporation Takahiro Kakumaru)
11:30 Identifying an attacker using OSINT
(NTT Security Japan Taro Manabe)
13:00 Cyber Risk Countermeasures—Now and in the Future:
A Chat with MS&AD Insurance Group Representatives
and a Special Guest
(MS&AD InterRisk Research & Consulting, Inc. Kensuke Maki/
Tsutomu Kajiura/ Takashi Aoyama/
Aioi Nissay Dowa Insurance Co.,Ltd Taro Kamiyama/
Mitsui Sumitomo Insurance Co.,Ltd. Noboru Ishizu/
Attorney at Law (Japan and California) Hiroaki Yamaoka)
13:40 Understanding the Demand for Cybersecurity Professionals
Through Public Job Openings
(SCSK Security Corporation Yuho Kameda)
14:20 Cyber Regulation in the IoT Era:
Institutional Analysis of the EU Cyber Resilience Act
and its impact on us
(NTT DATA INTELLILINK Corporation Chiaki Hanyu)
15:00 Threats That Penetrate Multi-Layered Defenses
– From Breached Security to Becoming a Breach-Resistant Organization –
(Future Corporation Kouta Kanbe/
Future Secure Wave, Inc. Masato Watanabe)
■Track3 Timetable (Bluebox)
●Day 1 (November 18)
Start time Lecture titles (Speaker)
10:00 Azazel System for Emergency Shelters:
Rapid-Deploy Portable SOC/NOC on Raspberry Pi
(Makoto Sugita)
11:00 BIN2TL: Visualizing Program Dynamics with Perfetto
(Michael Telloyan)
13:00 Build Your Own Pivoting Lab:
A Starting Point for Internal Network Exploration
(Francisco Canteli)
14:00 Proposal and Implementation of a Reduced Assembly Set Compiler
for Enabling CPU Security Measures
(Hiroaki Sakai)
15:00 GHARF:GitHub Actions RedTeam Framework
(Yusuke Kubo/ Yuuki Matsumoto)
●Day 2 (November 19)
Start time Lecture titles (Speaker)
10:00 Introduction to CICDGuard - Orchestrating visibility and
security of CICD ecosystem
(Pramod Rana)
11:00 Mind the Gaps: Detecting What You Miss in Windows Event Logs
(and Fixing It!)
(Fukusuke Takahashi/ Zach Mathis)
13:00 TOAMI (Casting Net): A Browser Extension Tool for
Supporting Phishing Hunters
(Yuichi Tsuboi)
14:00 Uncovering the Past:
Reconstructing File Activity from Ext4 and XFS Journals
(Minoru Kobayashi)
15:00 YAMAGoya: Open Source Threat Hunting Tool using YARA and SIGMA
(Shusei Tomonaga/ Tomoya Kamei)
*The titles of the talks and speakers' names are subject to change.
*For details of the timetable, please visit the official website below. Please note that the program is subject to change.
https://codeblue.jp/en/program/time-table/
■Contests and Workshops
(Programs Newly Released)
・Ready for BCP?
Overview: When an incident occurs, a large volume of diverse and incomplete information and requests may flood in, potentially causing confusion in the response. In this workshop, participants will gain hands-on experience in prioritizing actions and making rapid decisions during the initial response phase. With a focus on business continuity, the program also includes training on organizational decision-making flows and technical response practices.
Hosted by: Hitachi Systems, Ltd.
Date: November 18 (Tue) – 19 (Wed), 2025
URL: https://codeblue.jp/en/program/contests-workshops/readyforbcp/
・Interpol AI Quest
Overview: As an INTERPOL cybercrime investigator, you will infiltrate a cybercrime organization.
To your surprise, you will find that the space is completely controlled by AI.
Will you be able to escape the siege of the runaway AI and rescue the victims?
Hosted by: GMO Cybersecurity by Ierae, Inc.
Date: November 18 (Tue), 2025
URL: https://codeblue.jp/en/program/contests-workshops/interpol-ai-quest/
・AI x Pentesting Forefront: A Hands-on Workshop with "Takumi byGMO"
Overview: Join us to experience the world of software pentesting as it is being transformed by AI. This workshop offers a firsthand look at “Takumi byGMO,” Japan’s first AI agent for pentesting, developed by GMO Flatt Security. Witness the power of AI and discover the future of vulnerability analysis.
Hosted by: GMO Flatt Security Inc.
Date: November 19 (Wed), 2025
URL: https://codeblue.jp/en/program/contests-workshops/ai-securityshindan/
(List of Previously Released Programs)
・TRAPA Cyber Range Exercise
・Twin-Core CTF: From Soldering Fumes to PLC Pwn
・Whispers Through the Firewall: Data Exfiltration and C2 with Port Knocking
・CyberTAMAGO
・Biohacking Village
・Car Hacking Village
・AEROSPACE VILLAGE
・ICS Village
・Maritime Hacking Village
*Please note that the dates vary by program.
*For further details, please refer to the official website:
https://codeblue.jp/en/program/contests-workshops/
■CODE BLUE 2025 Overview
Date: November 16th (Sunday) to November 19th (Wednesday), 2025
Organizer: CODE BLUE Executive Committee
Operation: CODE BLUE Secretariat (BLUE Co., Ltd.)
Language: Japanese-English simultaneous interpretation available* (*excluding some talks)
Format: In-person
【Training】
Date: November 16th (Sunday) to November 17th(Monday), 2025
Venue: Bellesalle Shinjuku Minamiguchi
(Sumitomo Fudosan Shinjuku Minamiguchi Building 4F)
*Please refer to the Training page of the official website for the participation fee and details of each course.
(Japanese) https://codeblue.jp/program/trainings/
(English) https://codeblue.jp/en/program/trainings/
【Conference】
Date: November 18th (Tuesday) to November 19th (Wednesday), 2025
Venue: Bellesalle Takadanobaba
(Sumitomo Fudosan Shinjuku Garden Tower B2/1F)
Price:
1.Conference Ticket
(Full Access to All Areas, Including the Networking Party)
<Regular Price> 98,000 yen (tax incl.): June 1st - Nov 11th
<On Site> 128,000 yen (tax incl.): Nov 18th - Nov 19th
2. Visitor Ticket
(Access Limited to Select Areas, No Participation in Main Track or Networking Parties)
<Regular Price> 28,000 yen (tax incl.): June 1st - Nov 11th
<On Site> 32,000 yen (tax incl.): Nov 18th - Nov 19th
Registration:
Please register from the Registration page on the official website.
(Japanese) https://codeblue.jp/registration/
(English) https://codeblue.jp/en/registration/
(Press) https://codeblue.jp/en/registration/press-registration/
■About CODE BLUE
CODE BLUE is an international cybersecurity conference that brings together top-class experts from Japan and around the world. Now in its 13th edition, the conference offers cutting-edge presentations by cybersecurity specialists, as well as opportunities for information exchange and networking that transcend national and language barriers. By gathering world-class experts active in diverse fields, CODE BLUE aims to invigorate and strengthen security collaboration across Asia, including Japan. The conference also seeks to discover and support talented young researchers from Japan and other Asian countries, encouraging them to step onto the global stage.
Official Site: https://codeblue.jp/en/
SNS:[X(formerly Twitter)] https://twitter.com/codeblue_jp
[Facebook] https://facebook.com/codeblue.jp
[LinkedIn]https://www.linkedin.com/company/codeblue-jp
■List of Sponsors: https://codeblue.jp/sponsors/
Image
Logo Image
- Category:
- Events