The Latest Black Hat Videos
- Inside the Black Hat community 💻 by Black Hat on June 5, 2026 at 2:00 pm
Ari Herbert-Voss shares what makes the Black Hat community unique, welcoming to newcomers while staying highly technical and focused on cutting-edge research. 🎥 Watch the full Episode 5 to hear more about Ari’s Black Hat experience.
- Black Hat Europe 2025 | From Live Exploitation to Zero-Day Discovery: Investigating Attacks on Gogs by Black Hat on June 4, 2026 at 8:00 pm
A single infected server led us into a much larger story. While investigating suspicious repositories on exposed **** Git servers, we uncovered signs of active exploitation: commands hidden inside repository configurations, payloads fetching remote shells, and infrastructure linked to a custom-packed Supershell C2. What at first looked like an opportunistic abuse of a known bug turned out to be something more: an unpatched zero-day vulnerability, already being leveraged in the wild. While an older RCE was known, the affected systems matched a yet-unknown exploit chain. This mismatch was the first clue that attackers were using a new vulnerability, rather than simply reusing a patched one. In this talk, we will retrace that investigation. Starting from live exploitation artifacts, we will show how we correlated repositories across multiple tenants, fingerprinted vulnerable internet-facing servers, and pieced together the attack chain. Our scans revealed over 700 compromised **** instances worldwide, with dozens already updated yet still showing signs of compromise. The evidence demonstrated that attackers had a working exploit before disclosure. We will close with lessons learned for defenders. These include how to detect malicious repository abuse in developer platforms, techniques for hunting zero-days from threat intelligence leads, and what this case study means for the broader risk landscape of self-hosted developer tools. By: Gili Tikochinski | Malware Researcher, Wiz Yaara Shriki | Threat Researcher, Wiz https://blackhat.com/eu-25/briefings/schedule/?#from-live-exploitation-to-zero-day-discovery-investigating-attacks-on-gogs-49500
- Black Hat Europe 2025 | Network Operations Center (NOC) Report by Black Hat on June 4, 2026 at 2:30 pm
Back with another year of soul-crushing statistics, the Black Hat NOC team will be sharing all of the data that keeps us equally puzzled, and entertained, year after year. We’ll let you know all the tools and techniques we’re using to set up, stabilize, and secure the network, and what changes we’ve made over the past year to try and keep doing things better. Of course, we’ll be sharing some of the more humorous network activity and what it helps us learn about the way security professionals conduct themselves on an open WiFi network. By: Neil Wyler | Vice President of Defensive Services, Coalfire Bart Stump | Managing Principal, Coalfire https://blackhat.com/eu-25/briefings/schedule/?#the-black-hat-europe-network-operations-center-noc-report-50009
- Black Hat Europe 2025 | Weaponizing Image Scaling Against Production AI Systems by Black Hat on June 4, 2026 at 12:00 am
AI vision systems see differently than humans do. When platforms downscale uploads to save compute, the mathematical properties of interpolation algorithms create exploitable artifacts. In this presentation, we’ll show how to craft images which use invisible pixel perturbations to reveal malicious prompts after downscaling, triggering unauthorized tool execution across Google Gemini, Vertex AI, Google Assistant, and Genspark. Beyond image downscaling, we’ll explore the broader attack surface, including audio transformations, dithering algorithms, and other preprocessing steps that become prompt injection vectors. You’ll learn to fingerprint vulnerable systems using test patterns that reveal specific downscaling implementations across AI libraries. We’ll demo Anamorpher, our open-source tool for automated attack generation, with both Python APIs and visual interfaces, as well as examine practical mitigations from displaying actual processed images to implementing design patterns resistant to prompt injection, such as the action selector pattern. By: Suha Hussain | AI Research Engineer, Product Security, Harvey Kikimora Morozova | Security Researcher, Trail of Bits https://blackhat.com/eu-25/briefings/schedule/?#weaponizing-image-scaling-against-production-ai-systems-49911
- Black Hat Europe 2025 | The Post-NVD Era: A Call for Global CVE Decentralization by Black Hat on June 3, 2026 at 11:13 pm
For decades, the National Vulnerability Database (NVD), maintained by NIST, has served as a cornerstone of vulnerability intelligence, providing crucial enrichment for Common Vulnerabilities and Exposures (CVEs). However, the NVD is grappling with an unprecedented backlog, stemming from budget cuts, an exponential surge in vulnerability disclosures, and inherent technical rigidities. This crisis has exposed its fragility and the systemic limitations of a centralized vulnerability management model. A model that leaves organizations blind to critical threats and exacerbates operational burdens. This talk argues that the current NVD crisis is a call for a fundamental paradigm shift: we must move towards global CVE decentralization now! We meticulously dissect the NVD’s failures and their far-reaching implications, then envision and advocate for a resilient, scalable, and collaborative decentralized ecosystem. By exploring pioneering models such as the Global CVE Allocation System (GCVE), the principles of Federated Search, and the potential of blockchain technology, this talk proposes a multi-faceted architectural evolution. We outline a comprehensive roadmap, detailing evolving responsibilities for software vendors, security teams, government agencies, and researchers. The post-NVD Era is not just about fixing a broken system. It’s about embracing a distributed future where collective intelligence, shared responsibility, and technological innovation converge to build a more robust and trustworthy global vulnerability management framework. By: Jerry Gamblin | Principal Engineer, Cisco https://blackhat.com/eu-25/briefings/schedule/index.html#the-post-nvd-era-a-call-for-global-cve-decentralization-49430
- Why leaders in cybersecurity keep coming back to Black Hat by Black Hat on June 3, 2026 at 10:52 pm
Ari Herbert-Voss, Founder and CEO of RunSybil, shares how Black Hat helps drive business exposure and build meaningful connections within the cybersecurity community. From reconnecting with industry peers to staying close to evolving trends, events like Black Hat continue to play an important role for professionals in the space. 🎥 Check out episode 5 to hear more about Ari’s Black Hat experience.
- Black Hat Europe 2025 | You Win Some, You CheckSum: A Kerberos Delegation Vulnerability by Black Hat on June 2, 2026 at 7:50 pm
In Active Directory networks, user identity impersonation is commonly used when applications need to access network resources on behalf of the user. One of the safest ways to implement this is through Kerberos Constrained Delegation (KCD), which enforces trust boundaries between the application and the target services. In this talk, we’ll dive into the internals of the authentication process behind these mechanisms and present CVE-2025-60704: a logical vulnerability we discovered in Microsoft’s Kerberos implementation. Using a Machine-in-the-Middle technique, this flaw allowed us to impersonate arbitrary users and ultimately gain control over the entire domain. To understand how the vulnerability works, we’ll walk through protocol behavior, trust assumptions, and some light reverse engineering of Windows internals that helped us trace the flaw down to its root. Finally, we’ll discuss mitigation strategies and how to better protect environments relying on Kerberos delegation. By: Eliran Partush | Security Researcher, Silverfort Dor Segal | Security Research Team Lead, Silverfort https://blackhat.com/eu-25/briefings/schedule/index.html#you-win-some-you-checksum-a-kerberos-delegation-vulnerability-49475
- Black Hat Europe 2025 | Flaw And Order: Finding The Needle In The Haystack Of CodeQL Using LLMs by Black Hat on May 29, 2026 at 6:15 pm
Running CodeQL’s built-in queries on Redis gave me over 6,800 potential issues. Doable, maybe. But when I tried FFmpeg, I got over 51,000. That’s way too much for me. And how many of those are real vulnerabilities? Probably around 0.01%. The sheer number of false positives makes static code analysis impractical – who wants to manually sift through tens of thousands of results just to find a few actual security flaws? To fix this, we built an open-source tool that fuses CodeQL with an LLM-driven agent. This agent autonomously navigates the code, running targeted queries to extract only the relevant context. On top of that, we introduced Guided Questioning, an advanced reasoning technique that keeps the LLM focused, improving accuracy even for complex vulnerabilities. Using this approach, we reduced false positives by up to 97% and uncovered more than a dozen real-world security issues in Linux, Apache, FFmpeg, Bullet3, Libvips, libretro, Linenoise, and other widely used open-source projects. By: Simcha Kosman | Senior Security Researcher, Cyberark https://blackhat.com/eu-25/briefings/schedule/?#flaw-and-order-finding-the-needle-in-the-haystack-of-codeql-using-llms-49247
- Black Hat Europe 2025 | A crash course in revealing insecure blind spots for DoS & DDoS by Black Hat on May 29, 2026 at 2:00 pm
Domain Controllers (DCs) are organizations’ crown jewels. A successful Denial-of-Service (DoS) attack against them can terminate authentication processes and cause widespread disruption. Our previous LdapNightmare research – the first public pre-auth DC DoS exploit for CVE-2024-49113 – revealed that DCs can be turned into LDAP clients by communicating with their NetLogon RPC server. These clients could then be crashed by a single invalid value they receive. This taught us that remotely triggered client code is a blind spot that overtrusts. Eager to find other blind spots in servers on DCs, we asked – what will make server code overtrust? Abstraction layers! We realized that although common server code nowadays mostly mitigates classic server risks, that’s maybe untrue in case it’s transport-agnostic, uses heavy abstractions, and focuses mostly on the application’s logic. Starting by targeting remotely triggered LDAP client code, we found a vulnerability that denies service from DCs, or alternatively can be exploited to manipulate them to join a DDoS botnet attack. Then, we moved on to target Windows’ most common transport-agnostic wrapped server code – RPC functions. By exploiting security gaps in RPC bindings, we developed novel techniques allowing to hammer a single RPC server tens of thousands of times simultaneously from a single system, far surpassing standard concurrency limits! And WOW – this armed us beyond our expectations, with vulnerabilities crashing any form of Windows, both servers and endpoints! Our blind spot hypothesis turned out to be the reality. In this talk, we’ll present “Win-DoS” – a set of tools exploiting 30 DoS vulnerabilities we discovered in Domain Controllers and Windows endpoints. Most vulnerabilities do not require any authentication, and one even allows not only to crash, but also to effortlessly initiate a botnet harnessing the upload rates and vast resources of any public DCs to participate in DDoS attacks.
By: Or Yair | Security Research Team Lead, SafeBreach Shahak Morag | Security Researcher https://blackhat.com/eu-25/briefings/schedule/?#win-dos-aftershock-a-crash-course-in-revealing-insecure-blind-spots-for-dos–ddos-49015
- Black Hat Europe 2025 | Unveiling System Management Mode Memory Corruption Vulnerability Via Fuzzing by Black Hat on May 28, 2026 at 11:00 pm
System Management Mode (SMM) is an operating mode introduced by the x86 processor to handle critical hardware events and chipset errors. SMM applications, designed to run in this mode, operate at a high privilege level (known as Ring -2, which is even higher than the kernel mode, Ring 0). With the high privilege, SMM applications have almost unlimited access to system resources. However, vendors commonly adopt memory-unsafe programming languages, such as C and C++, to develop SMM applications, making them prone to memory corruption vulnerabilities. Once compromised, the attacker may gain complete control over the system. This intrinsic feature makes SMM applications a very attractive target for attackers. While SMM applications play a crucial role in the foundation of low-level system software, applying efficient and effective fuzzing to them is a very challenging and complex task. In this talk, we present the first systematic SMM application fuzzing framework specifically designed to detect memory corruption vulnerabilities in closed-source SMM applications. We observe that the SMM application, as part of the UEFI firmware, is supposed to run in a UEFI runtime environment. Without such an environment, SMM applications cannot be correctly initialized and executed. As such, we will present all the technical details related to an all-in-one solution for SMM application fuzzing. Our framework offers a fully featured UEFI runtime environment. With such an environment, we ensure that fuzzing does not result in early crashes and a high number of false positives. Additionally, we present the details behind a universal fuzzing harness for successful fuzzing campaigns. The fuzzing harness contains an interface grouping and a memory access interception mechanism to infer the input semantics, such that it can explore the deep logic of SMM applications. 
Our framework has already proven its impact: in our experiments, we identified a total of 38 new vulnerabilities in firmware from nine well-known vendors. We will share the technical insights behind these discoveries and walk through several real-world case studies that highlight the power and versatility of our approach. By: Jianqiang Wang | Dr.-Ing., Max Planck Institute for Security and Privacy https://blackhat.com/eu-25/briefings/schedule/index.html#breaking-ring–2-unveiling-system-management-mode-memory-corruption-vulnerability-via-fuzzing-48091
- Black Hat Stories | Ari Herbert-Voss, CEO and Founder of RunSybil by Black Hat on May 28, 2026 at 7:19 pm
In episode 5, Ari Herbert-Voss, Founder and CEO of RunSybil, talks about a first Black Hat experience — the scale, the technical depth, the community that’s both welcoming and sharp. After multiple years of attendance, each event continues to showcase new technologies and evolving approaches, while the community stays the same. That’s what keeps practitioners coming back. From emerging trends like offensive AR to the accelerating pace of offensive security, Black Hat highlights where the industry is headed. Peer-reviewed research. Hands-on training from practitioners deploying techniques in live environments. A community that is open to new voices.
- SecTor 2025 | Grand Finale: Cutting Through the Cyber Noise by Black Hat on May 26, 2026 at 7:00 pm
Join our Review Board members for a powerful closing session that distills the essential cybersecurity insights from this year’s conference. This dynamic panel will synthesize key takeaways from the Briefings program and forecast emerging trends that security professionals should have on their radar. Leave SecTor with clarity on what truly matters in today’s complex threat landscape. Opheliar Chan | Chapter Co-Lead, OWASP Toronto Dave Millier | CSO, Quick Intelligence Maryna Neprosta | Review Board, SecTor Tom Tran | Senior Manager of Offensive Security, Government of Ontario https://blackhat.com/sector/2025/briefings/schedule/?#sector-2025-grand-finale-cutting-through-the-cyber-noise-49600
- SecTor 2025 | Chasing Shadows: Chronicles of Counter-Intelligence from the Citizen Lab by Black Hat on May 26, 2026 at 2:30 pm
For over twenty years, the University of Toronto’s Citizen Lab has pioneered investigations into digital security and human rights—from exposing state cyber espionage to uncovering the global spread of mercenary spyware targeting journalists, activists, and human rights defenders. Drawing from my latest book, Chasing Shadows, I will recount how our mission to conduct “counter-intelligence for civil society” revealed surveillance around the inner circle of murdered Washington Post journalist Jamal Khashoggi and uncovered domestic espionage campaigns across Mexico, Spain, Hungary, Poland, Thailand, El Salvador, and most recently, Italy. As our small team disarmed cyber mercenaries and helped improve the digital security of billions, we, too, became targets—caught in the same sinister crosshairs as those we sought to protect. I will also look ahead to the future of our mission and the rising challenges of AI-enabled subversion, Dark PR, and advertising intelligence, and how the kind of public-interest research the Lab has championed is now under threat from a growing tide of despotism and authoritarianism. By: Ron Deibert | Director, The Citizen Lab, Professor of Political Science, University of Toronto https://blackhat.com/sector/2025/briefings/schedule/?#chasing-shadows-chronicles-of-counter-intelligence-from-the-citizen-lab-49605
- SecTor 2025 | The Good, the Bad, and the Ugly: Hacking 3 Cloud Providers with 1 Vulnerability by Black Hat on May 25, 2026 at 8:30 pm
Join us for an inside look at how leading cloud providers architect their environments, and the anatomy of a container escape vulnerability in the wild. Our goal is to learn how to build stronger guardrails in the cloud by examining the flaws and misconfigurations we were able to exploit in each environment. As AI workloads migrate to the cloud, Cloud Providers are rapidly evolving their GPU offerings. These multi-tenant environments are often built on the NVIDIA Container Toolkit, the industry-standard framework for running GPU-based containerized apps. In this talk, we will show you how a single vulnerability in this fundamental framework impacted the entire cloud ecosystem – and how each environment handled a brand-new 0-day vulnerability. We’ll walk through our discovery of a container escape vulnerability in this foundational layer of GPU infrastructure, and its real-life implications across 3 different cloud providers: Azure, DigitalOcean, and Replicate. Each case study began with a standard customer workload running our exploit – but the outcomes varied widely. One led to a minor impact; another with lateral movement that triggered blue teamers; and one resulted in complete service takeover. The differing outcomes didn’t stem from the vulnerability itself; they stemmed from varying service architectures and security best practices. We’ll analyze and contrast these implementations to demonstrate how a well-isolated environment can be resilient even against 0-day attacks! By: Hillai Ben-Sasson | Security Researcher, Wiz Nir Ohfeld | Head of Vulnerability Research, Wiz https://blackhat.com/sector/2025/briefings/schedule/?#the-good-the-bad-and-the-ugly-hacking-3-cloud-providers-with-1-vulnerability-47447
- SecTor 2025 | Security is Easier Before PCB Assembly: Easy Threat Modeling for Hardware by Black Hat on May 25, 2026 at 3:00 pm
Most threat modeling ignores hardware — but hardware problems can be impossible to fix when products have left the factory. The industry has spent decades refining threat modeling processes so they’re approachable, organized, and useful; however most of this was done with software security in mind. Three leading experts have performed a threat model of the OpenWRT One. We’ll share our complete results, a case study threat modeling document, and our process. We chose it because it’s open and attendees may be familiar with it, but also because the scenario mirrors real threat modeling: you don’t have to reverse out all the details. Whether we’re dealing with IoT/OT devices, hardware security modules, multi-tenant cloud hardware, or specialized compute accelerators, we’ve seen when and how hardware-specific threats come into play. When is hardware in scope? When is it someone else’s problem? When and how do we decide if it is just an acceptable risk? We’ll explain when, why and how your next model should consider hardware threats, even if you don’t think you have hardware to worry about or you think it’s out of scope. We’ll call out a number of assumptions you should keep in mind and share the process for you to assess mixed hardware/software systems yourself. Attendees will learn how to develop a better understanding of what hardware you’re already working with, what can go wrong with it, and what you can do about it. Hopefully this, combined with a fully worked example of how that all comes together, will help you do a good job of incorporating hardware concerns into your threat model to make long term product security easier. By: Eric Evenchick | Co-Founder and Managing Partner, Tetrel Security Joe FitzPatrick | Trainer and Researcher, SecuringHardware.com Adam Shostack | President, Shostack + Associates https://blackhat.com/sector/2025/briefings/schedule/?#security-is-easier-before-pcb-assembly-easy-threat-modeling-for-hardware-48723




















