FREE GRC Workshop

LEARN MORE

Recommended Event: Convene: Boston | Cybersecurity & Human Risk Conference Aug 13 - 14, 2026

Nullcon Berlin 2026 | Call for Papers

Focus Data Security and Privacy
Type Conference
Organization Nullcon
Event Format Physical
Size 101 - 300 approximate delegates
Registration Not Free
SPEAKING: FREE-TO-SPEAK

Search for other Cybersecurity Conferences in Germany in 2026-2027.

Conference Description

Key Takeaways

  • Nullcon Berlin 2026 convenes cybersecurity researchers, practitioners and industry experts to examine offensive and defensive security developments
  • Technical focus areas span artificial intelligence security, operational technology, cloud infrastructure, embedded systems and malware analysis
  • The conference serves as a research presentation platform for emerging vulnerabilities and novel attack and defence methodologies
  • Call for papers closes 10th July 2026

Introduction

Nullcon Berlin 2026 returns as a dedicated forum for the international cybersecurity community to examine emerging threats, novel attack vectors and defensive innovations. The conference brings together security researchers, industry practitioners and newcomers to the field, providing a platform for presenting original research across both offensive and defensive security disciplines. With enterprise attack surfaces expanding through cloud adoption, operational technology convergence and artificial intelligence integration, the event addresses technical challenges that have become central to organisational risk management.

About Nullcon Berlin

Nullcon Berlin operates as an annual security conference positioned at the intersection of academic research and practical security implementation. The event distinguishes itself through its emphasis on original findings, whether vulnerability disclosures, novel exploitation techniques or defensive tooling. This research-first orientation attracts participants who contribute actively to the security knowledge base rather than simply consuming vendor presentations.

The conference structure accommodates varying experience levels, from early-career researchers presenting their first significant findings to established experts sharing mature research programmes. This breadth creates opportunities for knowledge transfer across experience boundaries while maintaining technical rigour in accepted presentations.

Technical Research Domains

The conference programme encompasses security research across multiple technical domains, reflecting the distributed nature of modern attack surfaces. Accepted topics demonstrate the breadth of contemporary security challenges facing organisations and researchers.

Artificial Intelligence and Machine Learning Security

AI and ML security has emerged as a critical research area as organisations deploy machine learning models in production environments. Research in this domain addresses adversarial attacks against model integrity, data poisoning techniques, model extraction vulnerabilities and the security implications of large language model deployments. The rapid integration of AI systems into enterprise workflows has created new attack surfaces that traditional security frameworks were not designed to address.

Web, Browser and Cloud Infrastructure

Web and browser security research continues to evolve alongside increasingly complex client-side applications and browser capabilities. Modern web applications present attack surfaces spanning authentication mechanisms, API security, client-side frameworks and browser sandbox implementations. Cloud and infrastructure security research addresses the shared responsibility challenges inherent in public cloud deployments, container orchestration vulnerabilities, identity federation weaknesses and infrastructure-as-code security patterns.

Operational Technology and Industrial Control Systems

ICS, SCADA and operational technology security represents a domain where cybersecurity intersects with physical safety and critical infrastructure protection. Research in this area examines protocol vulnerabilities, air-gap bypass techniques, safety system manipulation and the security implications of IT/OT convergence. The increasing connectivity of previously isolated industrial systems has elevated the importance of this research area for utilities, manufacturing and critical infrastructure operators.

Embedded Systems, Mobile and Hardware Security

IoT and embedded security research addresses the proliferation of connected devices with constrained computational resources and extended deployment lifecycles. Hardware security research examines side-channel attacks, secure element implementations and supply chain integrity. Mobile security spans application analysis, operating system vulnerabilities and the security boundaries between applications and device firmware.

Malware Analysis and Reverse Engineering

Malware and reverse engineering research provides foundational capabilities for understanding threat actor techniques and developing defensive countermeasures. This domain encompasses static and dynamic analysis methodologies, anti-analysis technique circumvention, threat intelligence extraction and the reverse engineering of both malicious software and legitimate systems for vulnerability discovery.

Blockchain and Web3 Security

Blockchain and Web3 security research examines smart contract vulnerabilities, consensus mechanism weaknesses, bridge security and the unique challenges of securing decentralised applications. The financial value secured by blockchain systems and the immutability of deployed code create distinctive security requirements that differ substantially from traditional application security.

Audience and Participation

Nullcon Berlin serves multiple constituencies within the cybersecurity ecosystem. Security researchers benefit from peer review and community feedback on original work. Practitioners gain exposure to emerging threats and defensive techniques before they appear in mainstream security guidance. Newcomers to the field encounter the research methodologies and technical depth that characterise professional security work.

The conference’s call for papers remains open until 10th July 2026, accepting submissions covering original vulnerability research, novel attack techniques, defensive innovations and security analysis across the technical domains outlined in the programme scope. Submissions demonstrating practical impact and technical novelty align with the conference’s emphasis on advancing the security field beyond incremental improvements.