Romanian “hackers” world vice -champions. Have tested top medical equipment for the third year in a row, at Def Con
Two Romanians, fighters of cyber security, successfully competed at the largest and oldest hacking conference in the world, Def Con 33 Las Vegas, which took place between August 7 and 10, 2025. They became world vice-champions, after two years in a row won the Biohacking Village CTF competition.
Dragoș Ionică and Adrian Dincă, World Camps in Cyber Security Photo: D. Ionică Archive
Vice -champions are Dragoș Ionică – Cyber Attack Senior Manager at Deloitte Romania and Adrian Dincă – main Pentest Analyst in Sophos, both with over 10 years of experience in the field. The challenge that the two chose this year (after winning the competition in 2024 and 2023) was Biohacking Village CTF, a section dedicated entirely to the security of medical devices. More than 50 teams participated in this competition for testing the medical field.
Better than Romanians were members of an American team, made up of five experienced players. Even in these conditions, the Romanians managed to reach a score very close to that of the champions, given that at this edition they could not gather additional score for the vulnerabilities discovered, the organizers changing the rules of the past years.
What Dragoș and Adrian had to do was to resolve web applications, Reverse Engineering and Hardware Hacking, working under time pressure. They have succeeded in successfully completing complex exercises such as the analysis of interface communications (Canbus, Uart, NFC) or decryption of ransomware infected databases.
The medical technology producers bring their equipment for photo tests: Dragoș Ionică Archive
Delighted by the success of the Romanians, the organizers invited them to join the organizing team and create challenges for future editions.
Apart from the competition, Dragoș Ionică and Adrian Dincă visited the stands of the great vendors in the medical field, present with equipment that they suspected of tests, managing to quickly identify Kiosk Bypass scenarios in complex Computer Tomograph.
What is happening at Def Con
The competition in Las Vegas, who has a tradition of over 30 years, brings together tens of thousands of fans of Cyber-Security every year, researchers and hackers around the world. There are discussions, practical workshops, and, of course, competitions such as “Capture The Flag”, where teams compete to solve security challenges.
The exploration of the specific areas takes place in “Villages” (villages), at this edition being countless such possibilities, such as Biohacking Village (the section that attracted the most Romanians). Passionists also have the opportunity to share their ideas and knowledge, which became, from an informal event for hackers, a unique conference for cyber security professionals that you cannot afford to miss.
Romanians have chosen to test photo medical technology: Dragoș Ionică Archive
At Biohacking Village, the challenge chosen by Romanians, the experience lived is at the intersection between cyber security, medical assistance and medical technology. Here you learn about the security of medical devices, the resilience of critical infrastructure, about systemic collaboration and development, ethical hacking and the disclosure of vulnerabilities, information about policies and regulations, etc.
The scenarios that unite the “villages” and complicate the game
I talked to Dragoș Ionic about this year's experience at Def Con 33 Las Vegas and I found out why it is important to be there, how the Romanians are seen, which is the gain of such competitions and what could be done more in the country, if the specialists were “exploited”.
This year the organizers decided to separate the medical equipment hacking from the resolution of the challenges. “Last year we also earned points. As problems, they were also considered bonus points for the competition. In fact, there was our major advantage (n. Red. – in 2024). That out of two, three vulnerabilities, we earn points for the competition and from here the difference quite detached. This year it was much closer and I have to do the logic, and I only have to do. buttons and medical equipment ”explained Dragoș Ionică for what reason they were in the second place, given that they were interested in especially the equipment testing.
“As a level of complexity, it was about the most difficult year as challenges. I think this was the handicap, that we were just two. It is difficult to solve the same volume of problems, at the same time or maybe even faster than a team of five ”Ionică explained.
On the other hand, the team from the 1st place was a redoubtable one, who tried, like the Romanians, and other challenges, in other “villages” proposed by the organizers.
One of the “villages” had challenges in the maritime field, the organizers providing a boat that operated autonomously (without crew). “A very good part was that the two villages were somehow connected. That is, there was a common challenge. A kind of story in which, on a catamaran, someone hidden a drug envelope. And you had to find the envelope and take that envelope, to extract it, to go to a medical equipment, and to have a medical equipment. The substance that the athletes take in the room. Dragoș Ionică explained.
The “villages” are interconnected by challenges launched “hacks” photo: Dragoș Ionică Archive
The participants' win is on both sides. Cyber security enthusiasts test more and more efficient equipment, and those who make them have the chance to discover them, for free, vulnerabilities, because the satisfaction that you have managed to do this is the biggest reward, Dragoș Ionică revealed, because the competition does not bring immediate material rewards. But it is the place where you create a name, you get invitations to further events, etc.
“The vendors were really caught up in the idea that they can test their last equipment removed from the factory with both their home engineers, say, but also with experts in the field. And this appetite was getting bigger. People come, test and gather feedback, collect feedback very quickly. Because we, for example, have found some problems on some equipment that we find in us. We pointed out, but we would not try to exploit them afterwards, because we had to accommodate the competition part. Only I reported to the vendors what I identified and the fact that many more things can be exploited. They appreciated a lot and said – yes, we consider sending you invitations to the year ”, Ionic detailed what happens during the event.
The awards for the winners are symbolic, and the travel to such an event are made at the company's expense. In time, thanks to the successful success, the company that Dragoș Ionică represents has thus become important in an area for which it was not necessarily known, having in fact renowned in audit and fiscal optimization.
At Def Con 33, compared to past experiences, Dragoș Ionică came, more and more professionals and fewer amateurs. “If in the past years there was an event with about 40-50 thousand people, many of them were just curious. This year came 20 thousand, of which 17 thousand good.” the vice -champion also revealed. Romanians had the opportunity to test medical equipment that has not yet been produced, which means access to the latest technology in the bio-medical field. Each detail detected and reported was repaired in a few hours, and the next day they were called to check.
“What was new this year, at least as a competition, was that they introduced a hardware hacking component. I mean, they gave us a set of plates. It was the first time we had to do that. I was not at all specialist in this area, but rather oriented in the software area. And I left my colleague who, the poor, ten hours did not rise from the chair. And he succeeded ”, Ionic added.
Presence at Def Con, an experience that cyber security fans cannot miss: di
During the essential competition, it is also organizing the teammates to manage to solve as many challenges and at the end to count among the winners. Focusing on the competition “eats” instead from the time other participants use to explore in more detail each Village (and were 12, from various fields, such as Biohacking Village, Carrhacking Village, Payment Village, Defender, etc.).
What most impressed Romanians, every time, is the opening they found. “People really are very open. Very big difference between Romanian reluctance -stay, that you are not allowed, we must sign seven contracts, ten NDAs (n. Red. -Privacy agreement), I do not know what -there you didn't sign anything. You just signed that you do not take pictures and that if you find a vulnerability you do not record with the phone to show how you did it ” Dragoș Ionică said.
Some bitterness of the Romanians who have proven their skill is that, although they would do pro bono tests and in the country, they have not received such a proposal so far, on the contrary, they have noticed. “If the medical industry in Romania would make us available, I would do this for free”, Ionica said.
