First P0wn Off energy
HackMiami’s official history credits this era with the first commercial-tools P0wn Off concept, reinforcing its early offensive identity.
HackMiami began as a hands-on South Florida security community, built technical credibility before it became a recurring conference, and evolved into a program that tracks where offensive security, infrastructure, AI, and real-world tradecraft are actually moving.
Browse the archive year by year, review the keynotes and major moments, then move directly into HackMiami 1101. The history matters because it shows the event has been built on substance, continuity, and people who do the work.
These are the moments that shaped the conference and help explain how HackMiami developed from a local security community into a recognized conference brand.
HackMiami’s official history credits this era with the first commercial-tools P0wn Off concept, reinforcing its early offensive identity.
HackMiami won South Florida’s Hack The Flag CTF, then added Black Hat USA Panoply CTF recognition, proving the talent existed before the conference brand did.
The first official HackMiami conference lands, Rolling Stone covers it, and the event earns a reputation for mixing real technical content with real hacker culture.
The NFC implant malware demo becomes one of the most memorable HackMiami moments and a shorthand for the event’s hands-on edge.
A strong keynote bench and the ZenEdge WAF-Off push HackMiami further into top-tier offensive and AI-adjacent conference territory.
Deepfakes, AI governance, agentic automation, AI-assisted offense, OT defense, and SOC workflows put HackMiami where the field is actually moving.
Click any year to open the full history, including keynotes, milestones, and the program themes that defined each era.
HackMiami’s roots begin in 2008 as an informal technical collective centered around Florida International University. The earliest phase focused on hardware experimentation, embedded work, and renewable-energy projects before the group made a sharper move into cybersecurity.
By 2009, HackMiami had incorporated and started building an identity around web application security, malware analysis, and practical offensive research. In 2010, the organization’s history points to early P0wn Off-style competition culture, which helped separate it from generic meetups and positioned it closer to a proving ground.
What matters most about 2011 and 2012 is that HackMiami earned credibility before it became a conference brand. The group won South Florida’s Hack The Flag CTF and followed that with Black Hat USA Panoply CTF recognition.
The first official HackMiami Conference ran May 17–19, 2013 in Miami Beach. This is the year the conference becomes a public identity rather than just a respected community. It is also the year official history ties HackMiami to a first-mover reputation by accepting Bitcoin, which reinforced its hacker-first image at a time when that still felt sharp and unconventional.
2013 also matters because the Web Application P0wn Off became one of HackMiami’s signature artifacts and later received mention in The Hacker Playbook. That kind of carryover matters on a modern event page because it shows the conference generated things people remembered outside the event itself.
Most importantly, Rolling Stone put HackMiami into mainstream national media with “The Geeks on the Front Lines”. That story helped define the early public mythos of HackMiami as something more alive, cultural, and credible than a generic hotel-conference circuit stop. The Winter Hacker Festival, K&&K CTF, and hacker-culture crossover further reinforced that identity.
HackMiami 2014 ran May 9–11 in Miami Beach and is one of the cleanest archival years. This matters for the site because the record is unusually solid, which lets the page feel confident instead of speculative.
Keynotes: Gary Bahadur and Dave Marcus. That is real enterprise and threat-intelligence weight. This was not a casual local speaker lineup. It signaled that HackMiami could attract names with legitimate industry gravity while still keeping the conference culture intact.
The year also included the K&&K CTF, the “Revenge of the Web Application” Pwn-Off, and the Internet Computer Party. In other words, 2014 captures the HackMiami formula clearly: keynotes with credibility, competition with teeth, and a vibe that still felt like a hacker event instead of a sterile trade show.
HackMiami 2015 is remembered for the kind of moment people still bring up years later: the NFC implant demonstration used to deploy Android malware. Whether someone attended or only heard about it afterward, this is the sort of incident that helps define a conference’s legend.
The year also carried strong threat-intelligence and enterprise-research energy, with Team Cymru-linked signal around the event and a broader program that appears to have included OSINT, YARA, hardware botnets, IoT telemetry, and cryptocurrency-adjacent research. Even where the surviving record is partial, the tone is clear: practical, offensive, and not sanitized.
For an archive page, 2015 is valuable because it compresses the HackMiami pitch into one sentence: if something strange, real, and technically memorable was happening on stage, there was a good chance it was happening here.
HackMiami 2016 ran May 13–15 and stands out as one of the easiest years to position as a prestige moment in conference history. The evidence is clean and the lineup is strong.
Keynotes: Iftach Ian Amit and John McAfee. Whatever else is said about the year, those names alone establish range, visibility, and industry signal. They helped cement HackMiami as more than a local meetup or niche gathering.
2016 also included the ZenEdge WAF-Off, described as a public AI/ML WAF battle. In hindsight, that is one of the archive’s most useful details because it shows HackMiami was experimenting with public AI-security competition framing earlier than many conferences. This year is the perfect anchor when you want to show buyers that the event has been ahead of the curve before and is likely to be ahead of it again.
The 2017 archive is not as clean as the strongest years, but it is still strong enough to show continuity. The signal here is that HackMiami did not lose momentum after its breakout period.
Keynotes: Michael Gough, Neil “Grifter” Wyler, and Iftach Ian Amit as a repeated threat-intelligence presence. That is a serious stack for anyone who knows the field, and it tells a prospective attendee that the conference was still drawing recognized operations-heavy names.
Recovered program fragments suggest topics like accepted-risk abuse, command-and-control tradecraft, webshell detection using machine learning, and aviation-related security research. The archive may be uneven, but the direction is not: HackMiami remained technical, current, and willing to pull from different corners of the field.
2018 is one of the stronger later archive wins because the keynote layer is easy to defend and instantly credible.
Keynotes: Christopher Ahlberg and Jack Daniel. That pairing matters. One brings major threat-intelligence founder energy. The other represents one of the most recognizable community-building forces in security. Together, they reinforce that HackMiami could bridge enterprise relevance and grassroots credibility without feeling forced.
The program also shows the conference intersecting with machine learning security analytics before the broader market fully flooded with AI marketing language. That detail ages well. It tells future attendees that HackMiami has a pattern of surfacing the next wave early, not just following whatever trend already dominates LinkedIn.
2019 reads like the peak of the pre-pandemic stability era. Public summaries place the conference at Seacoast Suites in Miami Beach, with recognized names on the bill and a strong supporting meetup engine around the main event.
Headline presence: Dave Marcus, Vinny Troia, and core HackMiami leadership. The supporting community programming around the conference included machine learning for identifying malicious actors, Maltego, Raspberry Pi work, OSINT, and other highly practical topics. That matters because it shows HackMiami was more than a once-a-year marketing spike. It had a real cadence.
For conversion copy, 2019 is useful because it proves HackMiami can be both mature and alive. It was not coasting on underground mythology alone. It had recurring relevance and community density.
HackMiami 2020 shows the conference adapting under pressure rather than disappearing. Official materials placed the conference in Fort Lauderdale and show the event still presenting itself as a recognized stop on the infosec circuit even as the pandemic disrupted normal operations.
Keynote: Chris Roberts. That gave 2020 a recognizable anchor at a moment when many events were losing cohesion. Around that keynote, the record shows GLIBC heap exploitation, OSINT and offensive recon, plus villages and competitions covering Bluetooth, lockpicking, Raspberry Pi, and packet capture.
The lesson from 2020 is simple: the format changed, but the instinct did not. HackMiami kept pushing technical content instead of settling for a thin remote placeholder.
The 2021 record is more meetup-heavy than conference-heavy, but it is still valuable because it proves continuity. Hardware hacking, cloud pentesting, packet work, and telecom-oriented attack surface research continued to show up while many communities were still in recovery mode.
The strongest signal from this year is competitive. Public summaries tie HackMiami-associated talent to the DEF CON Capture the Packet Black Badge. For an archive page, that matters more than inflated prose ever could. It is the kind of line practitioners immediately respect.
2021 tells a future attendee that HackMiami’s orbit was still producing serious operators even during an awkward industry period.
By 2022, the HackMiami record shows more RF, industrial, and control-system-adjacent energy. Public traces point to topics like RF tooling, controls frameworks, and hybrid security material that widened the conference’s footprint beyond classic appsec or pentest-only expectations.
Another major signal comes from competition. Public summaries connect the HackMiami and Pacific Hackers orbit to the Red Alert ICS CTF win at DEF CON 30. That is exactly the kind of detail that tells an OT- or ICS-curious attendee this is not empty branding.
2022 is the bridge between the earlier offensive-security identity and the later AI-plus-infrastructure era. It proves the conference was already comfortable at the intersection of real systems and emerging risk.
HackMiami X, held in Sunny Isles Beach, marks a visible return with a more structured dual-track format. The split between Nu World Order and Old World Order gave the conference a cleaner way to serve both broader-interest attendees and deeper technical audiences without flattening the program.
The content signal around this year includes detection engineering, Impacket, offensive tooling, and robots or AI-adjacent demos. That matters because it shows the conference did not return by clinging to nostalgia. It returned by updating the conversation.
2023 shows the conference returning with a stronger structure and a clearer program identity.
HackMiami XI at Marenas Beach Resort gives the archive one of its clearest modern years. The video and sponsor footprint are active enough that the page can speak with confidence.
The standout moment is Brandon Kovacs’ “CyberMirage” deepfake talk, which is exactly the kind of modern, high-interest, high-share topic that makes an archive page do more than look backward. It also helps validate that HackMiami was not late to AI-related security concerns. It was already showcasing them in a concrete way.
The surrounding content also covered cloud abuse, file-system redirection bugs, and AI policy frameworks such as the NIST AI RMF. If someone wants proof that HackMiami knows where the field is moving, 2024 is one of the strongest exhibits.
HackMiami XII is another modern year with a recoverable and defensible roster. That matters because it lets the archive page feel current instead of nostalgic.
Keynote: Marco Figueroa. That keynote matters because it signals a move into the modern GenAI bug bounty and AI-application security conversation rather than leaning only on legacy names. The rest of the visible program shows secure SDLC, offensive engineering, telecom and enterprise perspectives, and continued ties to practitioners actively doing the work.
2025 shows HackMiami continuing to bring in relevant voices on GenAI bug bounty, appsec, offensive engineering, and modern enterprise security.
HackMiami 1101, held May 12–16, 2026 at Marenas Beach Resort, is the clearest expression yet of where the conference is heading. The official structure is four days of training and one day of talks, with the dual-track format still intact.
Keynote: Ryan Montgomery. That keynote gives 2026 a strong public-facing anchor, but the broader program is what seals the message. The lineup moves through AI-driven defensive security, AI and SOC workflows, red team tooling built around MCP and agents, supply-chain risks in agentic automation, AI-powered social engineering, OT and communications risk, cloud abuse, and modern AI governance.
2026 is the clearest current expression of HackMiami’s direction. The program sits at the intersection of offensive security, AI operations, CTI, deception, infrastructure, and modern enterprise security, with four days of training and one day of talks built around those themes.
These references connect the conference archive to external coverage and the current event page.
A high-signal mainstream proof point that gives the archive social weight beyond the usual conference bubble.
Read the articleMove directly from the archive into the current conference page and ticket information.
Go to HackMiami 1101HackMiami 1101 continues the conference with four days of training, one day of talks, and a program focused on AI, offensive security, SOC workflows, infrastructure, and modern tradecraft.