Black Hat Europe 2025 | Stress-Testing SAST And LLMs On Modern Web Backends

Modern backends aren't C or legacy Java. They're FastAPI/Flask/Django and Express/NestJS/Next.js. Yet we still judge detection tools with sink-centric, synthetic benchmarks that ignore framework semantics. We built the Unsafe Code Detection Benchmark, a reproducible way to score both SAST and LLMs on intentionally vulnerable, minimal micro-apps across today's web frameworks. Our benchmark couples an open corpus with a single harness, unified ground truth and a failure-mode taxonomy mapped to CWE/OWASP. It measures precision/recall and cost/latency, controls for prompt/temperature variance and includes "appears-vulnerable-but-safe" scenarios to stress false-positives. Initial results may surprise: on source-proximate issues common in modern stacks (parameter merging/polllution, middleware/decorator-order authz bypasses, subtle type coercion), state-of-the-art general purpose LLMs outperform industry leading SASTs in their default configuration – a gap we trace to weak framework awareness and imprecise source modeling. The twist: with simple, framework-aware custom rules SAST surpasses LLMs, showing why deterministic, organization-specific rules remain a force multiplier. LLMs provide strong raw recall but exhibit prompt sensitivity and a tendency to conflate stylistic "best practices" with real vulnerabilities. Attendees will leave with a practical methodology and tooling to evaluate their own SAST and LLMs on modern stacks, concrete guidance to raise real-world detection rates and a lear path to extend and rerun the benchmark internally. We will release the benchmark specification, the harness for running selected SAST tools and LLMs as well as the open-source corpus. By: Andrew Konstantinov | Security Engineer Irina Iarlykanova | Student https://ift.tt/DR1Juzp

source https://www.youtube.com/watch?v=0v3pnoR8IyY

Black Hat Europe 2025 | Page Phantoms: Zero-IO, In-Memory Tampering Of The Linux Page Cache

In modern cyber defense, the combination of high-privilege VMI from a Host VMM and an in-guest EDR monitoring I/O paths forms a defense-in-depth architecture believed to be unbypassable. This presentation introduces "MGLRU Deceit," a novel kernel attack primitive that silently penetrates both layers of this defense. MGLRU Deceit abuses Linux's newest memory management mechanism—the Multi-Generational LRU (MGLRU), default since kernel 6.1. Rather than exploiting a vulnerability, the attack abuses a design feature: MGLRU's protection of hot data extends the residency time of critical pages in the page cache, creating a stable window for an attacker to locate and capture a target page. By manipulating page metadata, we can isolate a page from the kernel's reclaimer, enabling the hijacking and tampering of any file's in-memory content without modifying filesystem metadata. The attack operates entirely at the memory management layer, bypassing the VFS and block I/O stacks. The tampered page is never written back to disk; its filesystem association is later severed and it is returned to the buddy system as a clean page. This "zero-I/O footprint" evades EDRs and deceives VMI solutions that monitor struct inode integrity, as the attack only alters the file's data page, not its metadata. In our live demonstration, we will build a dual-defense target environment: a VMM memory monitor on the L1 host and a simulated EDR kernel module inside the L2 guest. We will first show both systems successfully detecting a conventional modification to the shadow file. We will then launch the MGLRU Deceit attack and witness both monitoring systems remain completely silent as we leverage the modified in-memory content of the shadow file to successfully gain root privileges. The technique presented is a practical, reproducible, and sophisticated method for bypassing defense-in-depth, usable by advanced malware. By: jia jia | Security Researcher https://ift.tt/QywtvEX

source https://www.youtube.com/watch?v=lyau-ZMGW98

Black Hat USA 2026 | Welcome Video

As the cybersecurity landscape grows more complex and rapidly evolving, threats continue to multiply, artificial intelligence is reshaping the foundations of security, and the stability of our digital infrastructure is more at risk than ever before. Black Hat brings together a global community of experts, innovators, and leaders united by one shared mission: to outpace emerging threats through collaboration, preparation, and real-world innovation. This welcome video offers a glimpse into what to expect during your time onsite, from world-class programming to opportunities for discovery, connection, and meaningful exchange. Whether you are here for the first time or returning as part of the community, you are part of a collective effort driving the future of cybersecurity.

source https://www.youtube.com/watch?v=OXsKQ8qPYjE

Black Hat Europe 2025 | China's Nexus APT Exploiting Ivanti Endpoint Manager Mobile

This session explores a targeted cyber espionage campaign by a China-nexus nation state APT group that exploited Ivanti Endpoint Manager Mobile (EPMM) to infiltrate critical sectors across Europe, including government, healthcare, telecom, and finance. The attackers chained CVE-2025-4427 and CVE-2025-4428 to exploit Java Expression Language injection and a misrouted API, achieving unauthenticated remote code execution on internet-facing Ivanti EPMM servers. From there, they established persistent remote access and moved laterally into Entra ID (Office 365) cloud environments. This talk draws on real world incident response and collaboration with European CERTs and NCSCs. Attendees will learn about the threat actor's tooling, TTPs, and cloud security, along with detection opportunities and practical steps to secure mobile management systems and hybrid environments against similar threats. By: Arda Büyükkaya | Senior Cyber Threat Intelligence Analyst, EclecticIQ https://ift.tt/2u1vENA

source https://www.youtube.com/watch?v=2GzydBBGdbg

Black Hat Europe 2025 | RMPocalypse: A Catch-22 Breaking AMDs Confidential Computing

AMD SEV-SNP offers confidential computing in form of confidential VMs, such that the untrusted hypervisor cannot tamper with its confidentiality and integrity. SEV-SNP, the latest addition, ensures integrity via the Reverse Map Table (RMP) that stops the hypervisor from tampering guest page mappings. AMD uses RMP entries to protect the rest of the RMP, thus causing a Catch-22 during the RMP setup phase. To address this, SEV-SNP relies on AMD's Platform Security Processor (PSP), that resides next to the x86 cores executing SEV-SNP VMs, to perform the RMP initialization. We present RMPocalypse, a novel attack that shows insufficiency during RMP initialization and exploits it to break not only integrity but also confidentiality guarantees of SEV-SNP. We demonstrate RMPocalypse by enabling debug on production-mode CVMs, faking attestation, VMSA state rollback, and code injection By: Benedict Markus Schlüter | PhD Student, ETH Zurich

source https://www.youtube.com/watch?v=ZSNvPyt6Wic

Black Hat Intercepted | James Holland, Palo Alto Networks

James Holland from the Office of the CTO at Palo Alto Networks shares insights from having attended around 14 Black Hat events, focusing on proactive threat detection and zero-day threat analysis. Learn how network operations centers identify emerging threats without relying on specific CVE knowledge, how firewalls provide critical visibility for zero-day attacks, and the essential role of XDR and EDR platforms in incident response and timeline reconstruction. Discover how Black Hat research enables security teams to build protection for entire classes of exploit techniques rather than chasing individual vulnerabilities. This community-driven approach helps the cybersecurity industry strengthen defenses against threat actors worldwide through shared knowledge and broader security strategies.

source https://www.youtube.com/shorts/o8ojdgF3YjM

Black Hat Europe 2025 | Taking Over Your Amazon Account With A Kindle

Amazon's Kindle is the most popular e-reader on the market, with an extensive ecosystem of e-books. From a security perspective, Kindle devices especially stand out because they are often linked to an Amazon account. Their complex software stack supports numerous e-book file formats (AZW, MOBI, PDF...), as well as many underlying media formats that increase the attack surface. As such, downloading an e-book from the store may allow an attacker to gain root access to the device, take control of the Amazon account, and steal credit card information. In this talk, we will dive into the internals of Kindle devices and discuss a $20,000 bug in the parsing of Audible audiobooks which allowed us to take full control of the e-reader. We will also share general insights on fuzzing file formats based on the MPEG-4 standard (ISOBMFF). By: Valentino Ricotta | Security Researcher, Thales https://ift.tt/YxPg8G5

source https://www.youtube.com/watch?v=YslYzj5f2es

Black Hat Europe 2025 | Ghosts in the Stream: Exposing Lives and Devices Behind Encrypted Doors

Strong encryption has infiltrated even the most basic battery-powered Internet of Things (IoT) gadgets. Thanks to the latest technological breakthroughs and standard developments – such as the Matter IoT standard – these tiny devices are now generating ephemeral Diffie-Hellman keys for every session, sign and encrypt messages, juggle certificate chains, and more. It sounds like IoT users can finally kick back, convinced their privacy is locked down. But not so fast. As this talk reveals, the rigid message structure of Matter traffic leaves it wide open to pattern-based snooping. Passive analysis can unmask exactly what devices lurk in a smart home and pinpoint user actions. Our data, pulled from a real-world office setup at Bitdefender in Targu Mures, Romania, shows that few traces of encrypted traffic are all it takes to identify sensors, actuators, door locks, and lamps. We could even track user movements: smart plugs toggling, locks clicking, lamps changing color. The kicker? Simple statistical techniques are enough to crack user behavior, all from encrypted traffic. With such analytical tools, it becomes possible to systematically reconstruct and reveal the daily routines of individual home users, as well as to uncover privacy-sensitive behaviors in organizational contexts, such as those of office employees working remotely in various environments. The talk also dives into why fixing this could be a real headache, since Matter's session protocol introduced versioning only starting with Matter version 1.3. The talk will take a deep dive into why these protocol design choices matter and why future standards should prioritize such aspects. By: Kristopher Schlett | Master's student, Eindhoven University of Technology Bela Genge | Senior Security Researcher, Bitdefender Ioan Padurean | Junior Security Researcher, Bitdefender Savio Sciancalepore | Senior Assistant Professor, Technische Universiteit Eindhoven (TU/e), Department of Mathematics and Computer Science (M&CS) https://ift.tt/0e1TQfL

source https://www.youtube.com/watch?v=1I8xo-tjJSs

Black Hat Europe 2025 | Offensive Testing Of HarmonyOS NEXT Applications With Harm0nyz3r & DVHA

HarmonyOS NEXT marks Huawei's transition to a fully independent operating system, powering a growing ecosystem of mobile devices and applications. While adoption is accelerating, public research into its security architecture, and its implications for app developers and end users, remains minimal. This talk presents the results of a security assessment of HarmonyOS NEXT and its application ecosystem, combining a custom-built testing framework (Harm0nyz3r) with a purposely vulnerable application (Damn Vulnerable HarmonyOS Application – DVHA). Harm0nyz3r, inspired by Android security tools like Drozer, enables researchers to enumerate and interact with app IPC endpoints, fuzz abilities, and invoke hidden or restricted components. DVHA serves as a realistic playground, containing vulnerabilities such as insecure logging, hardcoded credentials, insecure data storage, SQL injection, command injection, and access control bypasses. We will walk through methodology, exploitation workflows, and real-world findings, including challenges posed by HarmonyOS NEXT's unique security model and differences from Android. Live demonstrations will show how Harm0nyz3r maps an application's attack surface, crafts malicious payloads, and successfully exploits vulnerabilities in DVHA — with clear takeaways for vulnerability discovery in production apps. Attendees will leave with a practical understanding of HarmonyOS NEXT app security, new offensive testing techniques for this emerging platform, and an appreciation of why mobile security research must expand beyond Android and iOS to address the next wave of global devices. By: Jorge Wallace | Cybersecurity Technical Leader, DEKRA https://ift.tt/UDduJcN

source https://www.youtube.com/watch?v=4xfSTNgy8UE

Black Hat Europe 2025 | Pickle Exploitation Techniques And Their Detection Using SaferPickle

Python's pickle format is a security minefield, yet it remains a cornerstone of modern AI/ML and data science workflows. While its dangers are well-known, the effectiveness of existing open-source scanners against sophisticated attacks has remained largely unexamined. In this talk we introduce five novel bypass techniques to defeat popular open-source scanners like Fickling, Modelscan and Picklescan. We will demonstrate how these tools can be tricked into classifying overtly malicious pickles as safe. To combat these threats, we propose SaferPickle, a new open-source library. This library enhances the pickle format's security at runtime through transparent hardening. We will present its robust, multi-layered scanning engine, which integrates behavioral analysis, direct opcode inspection, and an intelligent module resolution system capable of securely reconstructing malicious calls from fragmented code. Finally, we'll share our journey of deploying SaferPickle to protect ML workloads at Google and integrating it as the first-ever pickle scanner in VirusTotal. Attendees will leave with knowledge of bypass techniques, a new open-source tool and experience of how to harden the ML supply chain against one of its most persistent threats. By: George Litvinov | Security Engineer, Google Andrew Johnston | Senior Security Engineer, Google https://ift.tt/rmJUbLh

source https://www.youtube.com/watch?v=hWc1P_yYrkY

Black Hat Europe 2025 | Habemus Securitas - Exploring Apple's Hidden Territories

With the Secure Page Table Monitor (SPTM) and Exclaves, Apple has introduced a broad spectrum of new memory protection mechanisms over the past few years, realized through their Guarded Execution Feature (GXF). Currently, there is little public discussion on piecing these mechanisms together and exploring the broader implications of XNU compartmentalization. In this talk, we will delve into the inner workings of SPTM, exploring how its services are utilized by XNU and other secure world clients, namely the Secure Kernel (SK), Trusted Execution Monitor (TXM), and Exclaves, and the contributions they make to system and memory security. To achieve this, we analyze the underlying SPTM functionality, with a focus on memory frame typing, page mapping, and the implemented rulesets governing iOS memory mapping across newly introduced SPTM security domains. By: Moritz Steffin | Master's Student, Hasso Plattner Institute, University of Posdam https://ift.tt/RphTtXI

source https://www.youtube.com/watch?v=rQnu_0aPQY0