Show off your Best (Or Worst) Zero-day VulnS.

The Junkyard is a platform to showcase novel security research and support hobby and career development for security researchers.

We want you to bring your most impactful, creative, or most meme-worthy bugs in end-of-life (EOL) targets (both software or hardware), and demonstrate them live on stage.

❗ Deadline to submit for early consideration: September 5, 2025❗

❗ FINAL Deadline to submit: October 24, 2025❗

What’s In SCOPE?

Any product (software or hardware) publicly listed by the vendor as EOL at least one day before the conference (January 23, 2026).

In keeping with the conference ethos, we also require that:

- You commit as the researcher, to responsible disclosure of the vulnerability (60-90+ day disclosure windows with vendor); and

- You conducted your research in accordance with US law and ethical practices; and

- You are not under any restrictions or sanctions from the US.

Prizes will be awarded taking into account the following categories, and ARE expected to range from $100 to $5,000 USD :

❗ Most Impactful System ❗

🤡 Best Meme Target 🤡

😈 Most Engaging Presentation 😈

All prizes and acceptance of results to the event are at DistrictCon’s sole discretion.

How does the contest work?

1️⃣ Submit Your Target to DistrictCon

Submit to our Junkyard disclosure program on our platform sponsor (link coming ~April 2025), tell us what target you're exploiting, and what bug you have (or what you’re working on!).

2️⃣ Disclose the Bug to the Vendor 

- Ask our team for help if needed!

- Upload to your ticket in the DistrictCon platform: (1) proof of disclosure, and (2) proof that the target is EOL (e.g., from a webpage, announcement, or an email from the vendor confirming it). [LINK COMING SOON]

3️⃣ If Your Entry is Accepted to present at DistrictCon: Create a Cover Name, 10-15 Minute Talk + Demo

- Attendees won’t know what your target will be until you reveal it on stage! The cover name is a fun name to go on the agenda.

- Tell us your name and/or handle as you’d like them displayed.

- Let us know any unique requirements: if it’s huge, power requirements, if you need to play audio from a device, etc.

4️⃣ Compete and Win! 💰

When you come up on stage, you’ll share:

- Who you are, as much as you want

- The target, and why it matters

- Demonstrate the bug, explain how it works and the impact

- Share anything unique, clever, and creative about your exploit development.

- We will live-stream and record only with your permission (last year everyone opted to!).

Some advice:

- Leave time for questions from the MC or judges

- Generally slides aren’t needed in this format - engage the audience instead and show your demo!

- Have fun, involve the audience or judges as you wish.