The Latest Black Hat Videos
- The ByzRP Solution: A Global Operational Shield for RPKI Validators, by Black Hat on September 29, 2025 at 5:02 pm
The Border Gateway Protocol (BGP) is the core routing protocol on the Internet, but it lacks security mechanisms. At the same time, the democratization of access has transformed the Internet into the default platform where global services and communications happen. As a result, routing security quickly became an issue of great economic and national security concern. The US Federal Communications Commission and the White House Office of the National Cyber Director formally recognized the urgent need to invest more in protecting Internet routing and to standardize efficient security protocols. The Resource Public Key Infrastructure (RPKI) protocol is rapidly becoming the global standard for enforcing Internet routing security for BGP. It currently covers over 50% of IPv4 and IPv6 prefixes and has been deployed by at least 27% of networks in the world, including major Tier-1 providers. However, RPKI is not secure by design. Research on its robustness and security properties has shown that, despite its minimal public-facing interfaces, RPKI suffers from widespread crash-inducing vulnerabilities and exploitable protocol loopholes. Attacks on RPKI have been well documented over the years, including in previous Black Hat talks. Now that RPKI is poised to go global, with the potential of being included in strict security regulations, it is time to reconsider the current vulnerable deployments and improve their robustness. In this work, we introduce Byzantine RPKI (ByzRP), a secure, robust, and distributed intermediate RPKI service that provides a stable output for all RPKI clients worldwide, while being able to completely bypass stalling and denial-of-service attacks on the RPKI infrastructure, with no downtime or service failure. We also offer a secure live ByzRP deployment for all interested parties worldwide to test and eventually incorporate into their networks.
By: Donika Mirdita | Security Researcher, Technical University Darmstadt | ATHENE; Jens Frieß | Security Researcher, Technical University Darmstadt | ATHENE; Haya Schulmann | Professor, Goethe University Frankfurt | ATHENE; Michael Waidner | Professor, Technical University Darmstadt | ATHENE | Fraunhofer SIT
Full Abstract and Presentation Materials Available: https://www.blackhat.com/asia-25/briefings/schedule/#the-byzrp-solution-a-global-operational-shield-for-rpki-validators-44176
- Dismantling the SEOS Protocol, by Black Hat on September 29, 2025 at 5:02 pm
In this talk, we present the first open source implementation of the HID SEOS communication protocol over RFID. HID SEOS is a credential technology designed to provide enhanced security, flexibility, and convenience for access control and identity management applications. It’s currently the leading access control solution for HID Global and is widely used in corporate, educational, healthcare, and government settings. The documentation for this card technology is not publicly available, so no previous open source implementation exists. We will demonstrate how it works and give insights into our process of making this project happen. The source code has been incorporated into the Proxmark3 project.
By: Iceman | Co-Founder, AuroraSec, RRG; Adam (evildaemond) Foster | Senior Penetration Tester, Onestep Group
Full Abstract and Presentation Materials: https://www.blackhat.com/asia-25/briefings/schedule/#dismantling-the-seos-protocol-44583
- The Drone Supply Chain’s Grand Siege: From Initial Breaches to Long-Term Espionage, by Black Hat on September 26, 2025 at 4:29 pm
The Drone Supply Chain’s Grand Siege: From Initial Breaches to Long-Term Espionage on High-Value Targets
In mid-2024, we disclosed a cyber campaign named TIDRONE, attributed to an unidentified threat actor likely linked to Chinese-speaking groups. This campaign revealed a strong focus on the military industry, specifically targeting drone manufacturers in Taiwan. Further investigation led to the identification of a related campaign, VENOM, attributed to the cyberespionage group Earth Ammit, which targets military-related industries in Eastern Asia. Since 2022, the VENOM campaign has demonstrated Earth Ammit’s supply-chain attack strategy, focusing initially on service providers as an entry point to their ultimate targets. The campaign favors shared tools, which makes attribution difficult, and emphasizes credential theft, particularly from Active Directory (AD), as a precursor to further supply-chain attacks. Earth Ammit employed distinct TTPs and toolsets depending on the stage of their target. For initial breaches involving service providers, the group used a broad range of shared tools to minimize the risk of attribution. These tools facilitated lateral movement and credential harvesting, primarily aimed at compromising the service provider’s infrastructure as a stepping stone to reach more valuable targets. In contrast, Earth Ammit adopted more sophisticated and tailored approaches when accessing their true targets. This phase involved the deployment of customized malware, including advanced RATs like CXCLNT and CLNTEND, which were analyzed previously. The group shifted its focus to long-term espionage tactics, ensuring persistence and deep infiltration into critical systems. This variation in toolsets and TTPs demonstrated Earth Ammit’s strategic adaptability, with simpler methods for penetrating supply-chain networks and more complex, targeted tools reserved for high-value military targets to maximize intelligence gathering and maintain prolonged access.
This presentation offers an in-depth analysis of the TIDRONE and VENOM campaigns, revealing Earth Ammit’s evolving arsenal and multi-stage intrusion strategies. It also emphasizes the link between VENOM and Dalbit, highlighted by their shared TTPs, common target profiles, and repeated use of similar tools.
By: Pierre Lee | Senior Threat Researcher, TrendMicro; Vickie Su | Senior Threat Researcher, TrendMicro; Philip Chen | Threat Researcher, TrendMicro
Full Abstract and Presentation Materials: https://www.blackhat.com/asia-25/briefings/schedule/#the-drone-supply-chains-grand-siege-from-initial-breaches-to-long-term-espionage-on-high-value-targets-44145
- Using Deep Learning Attribution Methods for Fault Injection Attacks, by Black Hat on September 26, 2025 at 4:29 pm
I Have Got to Warn You, It Is a Learning Robot: Using Deep Learning Attribution Methods for Fault Injection Attacks
Deep Learning (DL) has recently received significant attention in breaking cryptographic implementations on embedded systems. However, research on the subject has mostly focused on side-channel attacks (SCAs). In this talk, we present for the first time the use of DL attribution methods from image processing as a reverse engineering tool for fault injection (FI). We present a practical example of attacking a secure EEPROM (Analog Devices DeepCover DS28C36) in a black-box approach. We collect power consumption traces from the chip while the read memory command is executed. This acquisition is performed with the EEPROM both protected and unprotected. Then, we feed the power consumption traces to a DL model to learn the difference between them. After that, we use deep learning attribution methods such as gradient or layer-wise relevance propagation (LRP) to reverse the deep learning model’s decision. This step informs the attacker about the manipulation timings of the EEPROM’s security fuses. Using this knowledge, we conclude that the chip performs a double check as a countermeasure against single fault injection attacks. Finally, we perform a double laser fault injection which bypasses the two security checks, and therefore we can extract the protected EEPROM user secrets.
By: Karim Abdellatif | Hardware Security Expert, Ledger-Donjon
Full Abstract and Presentation Materials Available: https://www.blackhat.com/asia-25/briefings/schedule/#i-have-got-to-warn-you-it-is-a-learning-robot-using-deep-learning-attribution-methods-for-fault-injection-attacks-44092
- Impostor Syndrome – Hacking Apple MDMs Using Rogue Device Enrolments, by Black Hat on September 26, 2025 at 4:28 pm
Apple’s solution for mobile device management seems like an airtight process. Enterprise customers buy devices from registered retailers; these are automatically registered in Apple Business Manager, which in turn integrates seamlessly with the customer’s choice of MDM platform. A company can have devices set up and shipped to remote employees without ever touching them. As with many seemingly airtight systems, the devil is in the details. How do all these systems fit together? How do they authenticate each other? And, most importantly, who is responsible for security? This talk will focus on the gaps between the systems and how an attacker can leverage those to compromise enterprise customers. We will reverse engineer the enrolment process in macOS, bypass security controls, build rogue machines and look at a series of common misconfigurations that, when combined, can have devastating outcomes. We will see how the black box of the Apple MDM process can be opened up and can contain some surprising loot.
By: Marcell Molnár | Lead Offensive Security Engineer, Form3; Magdalena Oczadły | Senior Offensive Security Engineer
Full Abstract and Presentation Materials Available: https://www.blackhat.com/asia-25/briefings/schedule/#impostor-syndrome—hacking-apple-mdms-using-rogue-device-enrolments-44052
- Keynote: Perspectives on Trust in Hardware Supply Chains, by Black Hat on September 25, 2025 at 6:02 pm
Hardware is born of supply chains – an opaque global network of agents, each working to optimize their local gains. In this talk, bunnie shares some of his experiences navigating the shady underbelly of hardware supply chains. These experiences inform us of important practical differences between securing software and hardware supply chains. We’ll wrap up by distilling these experiences into a classification system that anyone can use to establish a grounded perspective on trust in hardware. Open to all Black Hat Pass Holders.
By: Bunnie Huang | Founder, Bunnie Studios
Full Abstract Available: https://www.blackhat.com/asia-25/briefings/schedule/#keynote-perspectives-on-trust-in-hardware-supply-chains-44613
- Operation BlackEcho: Voice Phishing Using Fake Financial and Vaccine Apps, by Black Hat on September 25, 2025 at 6:01 pm
Voice phishing (a.k.a. vishing) is a crime in which scammers deceive victims through phone calls in order to fraudulently obtain funds or steal personal information. Malicious apps are needed for voice phishing attacks targeting smartphone users. These apps intercept and block phone calls, and tamper with call screens and call logs. We have identified an attack group that uses malicious apps disguised as financial and vaccine apps for voice phishing. We estimate that the group has been active since late 2021. The attack group lures victims through ads or text messages about low-interest loans or government subsidies. If victims take the bait, the group distributes the 1st malicious app, disguised as a financial app. The 1st app installs a 2nd malicious app, disguised as a vaccine app, and steals victims’ input data. The 2nd app is used for voice phishing, remote control, victim monitoring, and data leakage. In the second half of 2024, this app was split into two separate apps: a 2nd_main and a 2nd_call app. We have tracked and analyzed these malicious apps for a year. In this presentation, we will introduce the malicious apps, infrastructure, and recent trends of the attack group.
By: Hyeji Heo | Security Researcher, Financial Security Institute; Sungchan Jang | Security Researcher, Financial Security Institute; Byungwoo Hwang | Security Researcher, Financial Security Institute; Jinyong Byun | Security Researcher, Financial Security Institute; Kuyju Kim | Security Researcher, Financial Security Institute
Full Abstract and Presentation Materials Available: https://www.blackhat.com/asia-25/briefings/schedule/#operation-blackecho-voice-phishing-using-fake-financial-and-vaccine-apps-44173
- Should We Chat, Too? Security Analysis of WeChat’s MMTLS Encryption Protocol, by Black Hat on September 25, 2025 at 6:01 pm
WeChat, with over 1.2 billion monthly active users, stands as the most popular messaging and social media platform in China and third globally. Instead of TLS, WeChat mainly uses a proprietary network encryption protocol called “MMTLS”. We performed the first public analysis of the security and privacy properties of MMTLS and found it to be a modified version of TLS 1.3, with many of the modifications that WeChat developers made to the cryptography introducing weaknesses. We also discovered a second layer of encryption inside MMTLS, which we refer to as “Business-layer encryption”. We analyzed the security and privacy of Business-layer encryption and found serious issues, including metadata leaks, forgeable integrity-check signatures, a potential AES-CBC padding oracle, and key/IV reuse in block cipher mode. These issues are not directly exploitable thanks to the protection of the outer MMTLS encryption. Finally, we hypothesize that WeChat’s double-layer encryption is technical debt, and discuss the wider trend of Chinese apps rolling their own crypto.
By: Pellaeon Lin | Researcher, Citizen Lab; Mona Wang | Researcher, Citizen Lab; Jeffrey Knockel | Senior Research Associate, Citizen Lab
Full Abstract and Presentation Materials: https://www.blackhat.com/asia-25/briefings/schedule/#should-we-chat-too-security-analysis-of-wechats-mmtls-encryption-protocol-44148
- Who Cares Where Waldo Is. Locating macOS Users Without Their Consent, by Black Hat on September 24, 2025 at 4:48 pm
Where is Waldo? You’ve probably experienced how challenging it can be to spot him in the popular illustrations shared on social media. But is determining a macOS user’s location just as difficult? This presentation will demonstrate that it’s surprisingly easy. We’ll begin by exploring the macOS privacy framework, focusing on why location services are treated as a distinct privacy subsystem. The talk will delve into how location permissions are stored on macOS and examine architectural weaknesses in the location database. We’ll also discuss the attack surface of location services, side-channel attacks, and techniques for obtaining non-precise location data. Building on this foundation, I will share insights into my previous and newly discovered vulnerabilities that lead to precise location data leaks. We’ll review Apple’s patches for these issues and outline directions for future research in this area. Finally, we’ll discuss how attackers might not even need macOS zero-days to compromise a user’s location. I’ll reveal how certain third-party macOS applications willingly share location data with any app that requests it. For blue teams, the talk will provide actionable detection strategies to mitigate these risks.
Full Abstract Available: https://www.blackhat.com/asia-25/briefings/schedule/#who-cares-where-waldo-is-locating-macos-users-without-their-consent-44563
- One Bug to Rule Them All: Stably Exploiting a Preauth RCE Vulnerability on Windows Server 2025, by Black Hat on September 24, 2025 at 4:48 pm
As security protection mechanisms for the Windows operating system are constantly being proposed and applied, it is becoming increasingly difficult to find exploitable vulnerabilities on current Windows, especially vulnerabilities that can cause preauth 0-click RCE. But are there really no such vulnerabilities? A few months ago, we conducted an in-depth analysis of the Windows Remote Desktop Services and found several preauth RCE vulnerabilities in the Remote Desktop Licensing Service, some of which lead to unauthenticated, non-sandboxed 0-click RCE. In this talk, we will explore the attack surface of the Remote Desktop Licensing Service, focusing on the newly identified vulnerability, CVE-2024-38077, which impacts all versions of Windows Server from 2003 to 2025. Despite Microsoft’s decades of fortifying Windows, and although no preauth 0-click RCE had been seen in Windows for years, we can still exploit a single memory corruption vulnerability to achieve 0-click preauth RCE on Windows. We will then share our approach to bypassing all the mitigations on the latest Windows Server 2025 and building a 0-click preauth RCE exploit using only CVE-2024-38077.
By: Zhiniang Peng | Security Researcher, Cyber-Kunlun; Ver | Security Researcher; Zishan Lin | Security Researcher,
Full Abstract and Presentation Materials Available: https://www.blackhat.com/asia-25/briefings/schedule/#one-bug-to-rule-them-all-stably-exploiting-a-preauth-rce-vulnerability-on-windows-server-2025-44144
- A Journey into Advanced Theoretical Reverse Engineering, by Black Hat on September 24, 2025 at 4:47 pm
Unveiling the Mysteries of Qualcomm’s QDSP6 JTAG: A Journey into Advanced Theoretical Reverse Engineering
This talk invites you on an exploration of advanced reverse engineering techniques applied to sophisticated proprietary hardware. Rather than focusing on well-known hands-on methods such as hardware decapsulation and schematic analysis, I will demonstrate how a unique combination of patent analysis, firmware reverse engineering, and theoretical modeling can unlock the intricacies of undocumented hardware technologies and their application semantics. Qualcomm’s QDSP6, also known as “Hexagon”, is a little-known mobile-first microarchitecture distinct from ARM and RISC-V. In fact, Hexagon chips power critical components like cellular modems and DSPs within Snapdragon processors, which, in turn, drive a significant portion of the smartphone market, including certain iPhone models. A proprietary real-time operating system named QuRT runs on Hexagon cores side-by-side with the main OS running on ARM cores, such as Android or iOS. Furthermore, Hexagon chips are notoriously secure; any debugging access is severely restricted, even for OEM partners, unless they have close relationships with the vendor. As an independent hacker, you can’t debug Hexagon cores at all, even with full hardware access to a Snapdragon development board. JTAG is the industry standard for low-level debugging of computer hardware, which is presumed to be available, to some extent, on every System-on-Chip. During my investigation into JTAG availability on Qualcomm SoCs as part of a privately funded research project, I discovered a more complex scenario. The entire hardware debugging ecosystem for QDSP6 is governed by ISDB (In-Silicon Debugger), a proprietary technology layered on top of JTAG.
ISDB is the kind of mysterious technology that cannot be looked up on Google (excluding name collisions with ISDB-T, a TV broadcasting standard); it can only be faintly glimpsed through sparse mentions in Qualcomm’s technical specifications and a few obscure patents. I accepted the challenge to reverse engineer ISDB without touching hardware, which is the topic of this talk. A foundational understanding of assembly programming, low-level debugging, and binary reverse engineering will be helpful.
By: Alisa Esage | Founder, Zero Day Engineering
Full Abstract and Presentation Materials Available: https://www.blackhat.com/asia-25/briefings/schedule/#unveiling-the-mysteries-of-qualcomms-qdsp6-jtag-a-journey-into-advanced-theoretical-reverse-engineering-44550
- Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots, by Black Hat on September 23, 2025 at 4:33 pm
It’s coming, and you aren’t ready—your first generative AI chatbot incident. GenAI chatbots, leveraging LLMs, are revolutionizing customer engagement by providing real-time, automated 24/7 chat support. But when your company’s virtual agent starts responding inappropriately to requests and handing out customer PII to anyone who asks nicely, who are they going to call? You. You’ve seen the cool prompt injection attack demos and may even be vaguely aware of preventions like LLM guardrails; but are you ready to investigate and respond when those preventions inevitably fail? Would you even know where to start? It’s time to connect traditional investigation and response procedures with the exciting new world of GenAI chatbots. In this talk, you’ll learn how to investigate and respond to the unique threats targeting these systems. You’ll discover new methods for isolating attacks, gathering information, and getting to the root cause of an incident using AI defense tooling and LLM guardrails. You’ll come away from this talk with a playbook for investigating and responding to this new class of GenAI incidents and the preparation steps you’ll need to take before your company’s chatbot responses start going viral—for the wrong reasons.
By: lyn Stott | Senior Staff Engineer, Airbnb
Full Abstract Available: https://www.blackhat.com/asia-25/briefings/schedule/#tinker-tailor-llm-spy-investigate–respond-to-attacks-on-genai-chatbots-44556
- JDD: In-depth Mining of Java Deserialization Gadget Chains, by Black Hat on September 23, 2025 at 4:33 pm
JDD: In-depth Mining of Java Deserialization Gadget Chains via Bottom-up Gadget Search and Dataflow-aided Payload Construction
Java serialization and deserialization facilitate cooperation between different Java systems, enabling convenient data and code exchange. However, a significant vulnerability known as Java Object Injection (JOI) allows remote attackers to inject crafted serialized objects, triggering internal Java methods (gadgets) and resulting in severe consequences such as remote code execution (RCE). Previous works have attempted to detect and chain gadgets for JOI vulnerabilities using static searches and dynamic payload construction via fuzzing. However, these methods face two key challenges: (i) path explosion in static gadget searches and (ii) a lack of fine-grained object relations connected via object fields in dynamic payload construction.
– First, we will introduce a gadget fragment-based summary and bottom-up search approach to address the path explosion challenge.
– Second, we will demonstrate how to infer the dataflow dependencies between injection objects’ fields and use them to guide dynamic fuzzing to generate exploitable objects.
We evaluate JDD on six popular Java applications (e.g., Apache Dubbo, Sofa-RPC, and Solon) in their latest versions, finding 127 zero-day exploitable gadget chains with six Common Vulnerabilities and Exposures (CVE) identifiers assigned (i.e., CVE-2023-35839, CVE-2023-29234, CVE-2023-39131, CVE-2023-48967, CVE-2024-23636, and CVE-2023-41331). Each of these CVEs has a CVSS score of 9.8, indicating an extremely high risk of exploitation and the potential to cause significant security damage. Given the wide range of impacts and potential consequences of these vulnerabilities, the related developers patched all these gadget chains promptly after we reported our findings.
By: Bofei Chen | Ph.D Candidate, Fudan University; Yinzhi Cao | Associate Professor, Johns Hopkins University; Lei Zhang | Assistant Professor, Fudan University; Xinyou Huang | Master’s Student, Fudan University; Yuan Zhang | Professor, Fudan University; Min Yang | Professor, Fudan University
Full Abstract and Presentation Materials Available: https://www.blackhat.com/asia-25/briefings/schedule/#jdd-in-depth-mining-of-java-deserialization-gadget-chains-via-bottom-up-gadget-search-and-dataflow-aided-payload-construction-44141
- Think Inside the Box: In-the-Wild Abuse of Windows Sandbox in Targeted Attacks, by Black Hat on September 23, 2025 at 4:32 pm
Windows Sandbox is a lightweight virtualization mechanism introduced in 2018, designed to provide an isolated desktop environment for quickly testing suspicious applications. However, this feature can also serve as a “magic cloak” for adversaries. In 2024, we observed an abuse of Windows Sandbox by the APT group Earth Kasha, believed to operate under the APT10 umbrella. After gaining control of the target machine via a backdoor named “ANEL,” delivered through a spear-phishing email, the adversary uploaded multiple components to deploy a secondary payload, dubbed “NOOPDOOR,” within Windows Sandbox. Initially, the adversary configured Windows Sandbox using a .wsb file to enable network access and map a host folder to a folder within the Sandbox, allowing access to host files from within the Sandbox. Next, they executed an installer script to extract NOOPDOOR components from a password-protected WinRAR archive and launched it inside the Sandbox. Additionally, the adversary leveraged the TOR application to obscure backdoor traffic originating from the Sandbox. These techniques helped the adversary conceal malicious activity from host-based EPP and EDR solutions. This presentation will cover the fundamentals of Windows Sandbox, provide a detailed analysis of the TTPs used for defensive evasion, and discuss actionable countermeasures for prevention and threat hunting.
By: Hiroaki Hara | Senior Threat Researcher, Trend Micro
Full Abstract and Presentation Materials Available: https://www.blackhat.com/asia-25/briefings/schedule/#think-inside-the-box-in-the-wild-abuse-of-windows-sandbox-in-targeted-attacks-44095
- Keynote: Cyber Threats in the Age of AI, by Black Hat on September 22, 2025 at 5:00 pm
As AI reshapes the cyber terrain and presents new attack vectors, traditional threats like ransomware, scams and advanced persistent threats (APTs) remain a significant concern. In this keynote, Deputy Chief Executive Edward Chen will provide an in-depth look at Singapore’s evolving cyber threat landscape. He will also discuss the nation’s collective efforts – across government, industry and society – to combat both emerging and enduring cyber threats to Singapore. Open to all Black Hat Pass Holders.
By: Edward Chen | Deputy Chief Executive, Cyber Security Agency of Singapore
Full Abstract Available: https://www.blackhat.com/asia-25/briefings/schedule/#keynote-cyber-threats-in-the-age-of-ai-44612