Black Hat USA 2025 | Kernel-Enforced DNS Exfiltration Security

Kernel-Enforced DNS Exfiltration Security: Framework Built for Cloud Environments to Stop Data Breaches via DNS at Scale DNS-based data exfiltration via C2 channels and DNS tunneling is a critical cybersecurity challenge, as DNS is a foundational protocol that must remain open on firewalls. Attackers now use DNS not just for exfiltration, but to establish backdoors, execute remote commands, and maintain persistent control over compromised systems. With the evolving scale of C2 infrastructure—leveraging multiplayer C2 modes and botnets—real-time prevention becomes significantly more complex, especially when aiming for zero data loss and accurate process-level implant termination at the endpoint. Traditional defenses rely heavily on timing and volume-based passive anomaly detection, signature-based filtering, or DPI through proxies and middleware. These approaches are increasingly ineffective against evasive C2 threats. They suffer from delayed detection, longer dwell time, greater data loss before threat removal, and slow response. Most fail to handle DGAs, where attackers constantly mutate domains (L7) and IPs (L3) to evade static blacklists, and they still lack support for instantaneous implant termination. This framework is built to disrupt DNS-based C2 channels and DNS tunnelling at scale by moving DNS exfiltration security directly into the Linux kernel. Using eBPF-driven endpoint security enforcement, the framework runs advanced threat intelligence across the entire kernel network stack and mandatory access control layer, performing high-speed DPI by parsing the DNS protocol directly inside the kernel. Aided by a userspace deep learning model trained on diverse DNS payload obfuscation techniques, it enhances detection accuracy and enables dynamic runtime enforcement. It instantaneously prevents DNS C2 channels and tunneling, ensuring that no exfiltrated packets ever leave the endpoint — and precisely threat-hunts and kills malicious C2 implant processes in real time. It inherently supports dynamic domain blacklisting, dynamic in-kernel network policy creation, and threat event streaming, enabling massive scalability for real production cloud environments. By: Vedang Parasnis | Cloud Platform Software Engineer | Linux Kernel Datapath Security Researcher Full Presentation Materials Available at: https://ift.tt/k9GiP7y

source https://www.youtube.com/watch?v=Yh9C1Xn_ixo

Black Hat USA 2025 | Burning, Trashing, Spacecraft Crashing

Burning, Trashing, Spacecraft Crashing: A Collection of Vulnerabilities That Will End Your Space Mission The frequency of space missions has been increasing in recent years, raising concerns about security breaches and satellite cyber threats. Each space mission relies on highly specialized hardware and software components that communicate through dedicated protocols and standards developed for mission-specific purposes. Numerous potential failure points exist across both the space and ground segments, any of which could compromise mission integrity. Given the critical role that space-based infrastructure plays in modern society, every component involved in space missions should be recognized as part of critical infrastructure and afforded the highest level of security consideration. This Briefing highlights a subset of vulnerabilities that we identified within the last couple of years across both ground-based systems and onboard spacecraft software. We will provide an in-depth analysis of our findings, demonstrating the impact of these vulnerabilities by showing our PoC exploits in action—including their potential to grant unauthorized control over targeted spacecraft. Additionally, we will show demonstrations of the exploitation process, illustrating the real-world implications of these security flaws. By: Andrzej Olchawa | Offensive Security Researcher, VisionSpace Technologies GmbH Milenko Starcik | Head of Cyber Security, VisionSpace Technologies GmbH Ricardo Fradique | Cybersecurity Engineer, VisionSpace Technologies GmbH Ayman Boulaich | Cybersecurity Intern, VisionSpace Technologies GmbH Presentation Materials Available at: https://ift.tt/Q9tzZXw

source https://www.youtube.com/watch?v=uLZab4pe4X0

Black Hat USA 2025 | Universal and Context-Independent Triggers for Precise Control of LLM Outputs

In this talk, we will introduce a novel gradient-based prompt-injection technique that can generate universal triggers to manipulate open-source Large Language Model (LLM) outputs. While previous attacks often depend heavily on prompt context or require multiple iterations to fully control the model's behavior, our method discovers "universal and context-independent triggers" that force the LLM to produce precisely crafted, attacker-chosen text—regardless of the original prompt or task. We will outline how these triggers are discovered via discrete gradient descent on extensive and diverse instruction datasets. Our demonstrations will show how such triggers can be applied to attack open source LLM applications to achieve remote code execution. Furthermore, we will discuss the substantial threats posed by such attacks to LLM-based applications, highlighting the potential for adversaries to take over the decisions and actions made by AI agents. By: Jiashuo Liang | Researcher, Tencent Xuanwu Lab Guancheng Li | Researcher, Tencent Xuanwu Lab Presentation Materials Available at: https://ift.tt/ohBlzRK

source https://www.youtube.com/watch?v=W8zzpTGVHRE

Black Hat USA 2025 | Decoding Signal: Understanding the Real Privacy Guarantees of E2EE

In this talk, we will explore the security foundations of Signal, one of the commonly used end-to-end encrypted (E2EE) messaging applications. As an application security engineer, I'll guide the audience through the inner workings of Signal, including the Double Ratchet protocols that provide forward and backward secrecy, while also highlighting risks, including a real 0-click vulnerability. We'll begin with an overview of Signal's architecture, examining its client-server model and how its unique tech stack, particularly the use of Rust, reduces memory corruption vulnerabilities in the Signal protocol. Next, we'll dive into Signal's 1:1 messaging system, breaking down key cryptographic protocols like Double Ratchet and Sealed Sender, which enable various privacy guarantees. A key challenge in E2EE applications, including Signal, is securely and privately synchronizing messages across linked devices. I'll discuss how Signal approaches this and present a critical vulnerability I found in this system, along with the fix implemented. This talk will provide you with a comprehensive understanding of Signal's security mechanisms and encourage you to engage with its open-source community to further enhance its security. By: Ibrahim El-sayed | Security Engineer Presentation Materials Available at: https://ift.tt/t8PpRQT

source https://www.youtube.com/watch?v=CxnBO2gxMyI

Black Hat Stories | Or Yair, Security Research Team Lead at SafeBreach

In this episode of Black Hat Stories, we sit down with Or Yair, the Security Research Team Lead at SafeBreach. With multiple years of experience attending Black Hat — including presenting at Black Hat Europe 2025 — Or shares his unique perspective on vulnerability research, curiosity, and the real purpose of the Black Hat community. For the past five years, Or has focused on vulnerability research in the Windows environment and third‑party components. He describes the research process as unpredictable and challenge‑driven — “like living in an escape room” — where success is never guaranteed, but the chase is part of the thrill. Or also highlights what makes Black Hat truly shine: its ability to bring impact to the security industry. By attending talks on topics he wouldn’t normally explore, he gains insights that lead to faster breakthroughs and stronger research down the line. 🔗 Visit our site: https://blackhat.com/ 📧 Subscribe to our free newsletter: https://ift.tt/p0QMV61 #BlackHatStories #BHEU #BlackHat #cybersecurity

source https://www.youtube.com/watch?v=rNtuyrXPIc0

Black Hat USA 2025 | Ghost Calls: Abusing Web Conferencing for Covert Command & Control

Red team operators frequently struggle with establishing interactive command and control (C2) over traditional C2 channels. While long-term covert channels are well-suited for stealthy, persistent communication, they often lack the bandwidth or real-time responsiveness needed for operations such as SOCKS proxying, layer two pivoting, relaying attacks, or hidden VNC sessions. Attempting to use traditional C2 mechanisms for these activities in a well-monitored network can be slow, conspicuous, and easily detected. Our research explores the use of real-time communication protocols as a short-term, high-speed C2 channel that seamlessly complements a covert long-term C2 infrastructure. Specifically, we leverage web conferencing protocols, which are designed for real-time, low-latency communication and operate through globally distributed media servers that function as natural traffic relays. This approach allows operators to blend interactive C2 sessions into normal enterprise traffic patterns, appearing as nothing more than a temporarily joined online meeting. Any enterprise reliant on collaboration suites could be exposed to these vectors, making it a critical concern across industries. In this presentation, we introduce TURNt, an open-source tool that enables covert traffic routing through media servers hosted by web conferencing providers. These media servers offer a unique advantage: vendors frequently recommend whitelisting their IP addresses and exempting them from TLS inspection, significantly reducing the risk of detection. TURNt allows red team operators to maintain persistent, stealthy communication via traditional C2 while activating high-bandwidth interactive sessions for short, one-to-two-hour periods—mimicking legitimate conferencing activity. We will demonstrate how this technique can be integrated into existing red team operations, discuss the trade-offs and detection risks, and explore countermeasures defenders can implement to identify and mitigate this emerging technique. Attendees will learn how to stealthily blend short-term, interactive C2 into existing red team operations and how to detect/mitigate these techniques defensively. By: Adam Crosser | Staff Security Engineer, Praetorian Full Presentation Materials Available at: https://ift.tt/OqwQJZj

source https://www.youtube.com/watch?v=V9znA01MqUc

Black Hat USA 2025 | Practical Attacks on Nostr, a Decentralized Censorship-Resistant Protocol

Nostr is an emerging open-source, decentralized social networking protocol with over 1.1 million users—and a critical blind spot in its security design. While decentralized architectures promise resilience and user control, rigorous real-world security analyses remain uncommon in this space. In this session, we unveil the first comprehensive security study of Nostr and its popular client applications, demonstrating how subtle flaws in cryptographic design, event verification, and link previews allow an attacker to forge "encrypted" direct messages (DMs), impersonate user profiles, and even leak the confidential message from "encrypted" DMs. We also show how a lack of signature checks in many clients—whether due to outright skipped verification or a TOCTOU caching flaw—enables effortless data tampering. Even a single oversight can escalate from simple forgery to full-blown confidentiality breaches. Far from theoretical, our proof-of-concept attacks target widely used clients—one with over 100,000 downloads—and systematically bypass the platform's intended privacy and authentication controls. We'll share how you can replicate these exploits with minimal setup, explain how loosely defined specifications in a decentralized protocol can introduce critical weaknesses, and outline both immediate mitigation steps and best practices for cryptographically sound design. By revealing these cracks in a widely touted "censorship-resistant" system, we aim to jumpstart a more rigorous approach to securing decentralized social platforms—before attackers go mainstream with the vulnerabilities we've uncovered. By: Hayato Kimura | Researcher, National Institute of Information and Communications Technology / The University of Osaka Ryoma Ito | Senior Researcher, National Institute of Information and Communications Technology Kazuhiko Minematsu | Research Fellow, NEC Corporation Shogo Shiraki | Independent Researcher, University of Hyogo Takanori Isobe | Professor, The University of Osaka Presentation Materials Available at: https://ift.tt/hrA04kE

source https://www.youtube.com/watch?v=O97xhyHFSsw

Black Hat USA 2025 | Uncovering and Responding to the tj-actions Supply Chain Breach

When 'Changed Files' Changed Everything: Uncovering and Responding to the tj-actions Supply Chain Breach What began as a routine CI/CD run quickly uncovered a disturbing reality: the popular tj-actions/changed-files GitHub Action, used by 23,000+ repositories including those from NVIDIA, Meta, Microsoft and other tech giants, had been weaponized to exfiltrate secrets. This presentation dissects how one of the most consequential supply chain attacks of 2025 unfolded and was ultimately contained. On March 14, 2025, at 1:01 PM PT, we detected an anomalous outbound network connection to gist.githubusercontent.com from a pipeline run. This single alert led to the discovery that attackers had redirected all tags of the tj-actions/changed-files GitHub Action to point to a single malicious commit. The compromised action dumped CI/CD credentials from memory and exposed them directly in build logs – requiring no additional exfiltration channels. We'll demonstrate how the attackers leveraged a previous compromise of the reviewdog GitHub Action to gain access to tj-actions, showcasing an emerging pattern of "chained" supply chain attacks. We will share actionable logic and methodologies to detect future CI/CD supply chain attacks by flagging deviations from established patterns of normal network activity - techniques that succeeded where traditional signature-based security failed against this sophisticated breach. The presentation examines the real-world challenges faced by affected organizations: from identifying instances of the compromised action across their codebases, hunting for exposed credentials in build logs, determining which secrets required rotation, and implementing alternatives after the original action was temporarily removed. Through a live demonstration, attendees will witness both the attack mechanics and how organizations navigated these complex recovery scenarios with limited tooling and information. Security professionals and developers will leave with concrete strategies to identify and mitigate similar supply chain compromises in their own CI/CD environments, where traditional indicators of compromise are deliberately minimized and trusted tools are weaponized against their users. By: Varun Sharma | CEO, StepSecurity Ashish Kurmi | CTO, StepSecurity Presentation Materials Available at: Varun Sharma | CEO, StepSecurity Ashish Kurmi | CTO, StepSecurity

source https://www.youtube.com/watch?v=-BCngzJC1Rc

Black Hat USA 2025 | Dark Corners: How a Failed Patch Left VMware ESXi VM Escapes Open for Two Years

VMware ESXi appears to be increasingly secure, as indicated by fewer CVEs and 0 success at Pwn2Own. However, on March 4 this year, VMware disclosed three critical vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) that enable ESXi virtual machine escape and have been confirmed to be exploited in the wild. This brings attention back to VMware ESXi, raising questions about the security of this influential commercial virtualization platform and the cost of breaking it. Our team successfully demonstrated a VMware ESXi VM escape at the Tianfu Cup in late 2023, winning both the championship and the Most Valuable Product Crack Award. This was the only publicly demonstrated VMware ESXi VM escape since 2021. In this presentation, we will disclose the vulnerabilities (CVE-2024-22252, CVE-2024-22254) we discovered and demonstrated at the Tianfu Cup. More importantly, we found that the root cause of one vulnerability (CVE-2024-22252) is darker than imagined—it stemmed from a previously failed patch, leaving the flaw present in all VMware hypervisor products (Workstation, Fusion, ESXi) for two years. We will reveal its connection to historical vulnerabilities, how VMware attempted to fix it, and how it continued to exist and hide for two years until we discovered and reported it. We will also share our exploitation methodology for ESXi VM escape, which will be the only ESXi VM escape exploitation disclosure since 2021. We leveraged the URB we shared in "URB Excalibur: The New VMware All-Platform VM Escapes," along with some new primitives. A full ESXi VM escape also requires a sandbox bypass attack on the ESXi system. We will analyze the relevant attack surfaces in detail and how to achieve privilege escalation through kernel vulnerabilities. Finally, we will analyze the three vulnerabilities exploited in the wild disclosed by VMware in March, and evaluate whether they have been properly fixed this time. By: Yuhao Jiang | Security Researcher, Ant Group Xinlei Ying | Security Researcher, Ant Group Ziming Zhang | Security Researcher, Ant Group Full Presentation Materials Available at: https://ift.tt/guKQrz5

source https://www.youtube.com/watch?v=MhQmaK8Zsfw

Black Hat USA 2025 | More Flows, More Bugs: Empowering SAST with LLMs and Customized DFA

Static Application Security Testing (SAST) plays a significant role in modern vulnerability discovery. For example, GitHub uses CodeQL to scan repositories. However, our analysis of over 100 real-world vulnerabilities has revealed that its detection performance is limited by two main factors: 1) incomplete source and sink coverage in built-in propagation rules, and 2) disruptions in data flow due to insufficient support for certain language features. In this talk, we will introduce a framework to empower SAST tools' capabilities to identify previously undetectable vulnerabilities and new CVEs. First, we will demonstrate how to leverage Large Language Models (LLMs) to automatically identify sources and sinks from open-source frameworks. Second, we will introduce the implementation principles of CodeQL's Data Flow Analysis (DFA). By developing patches for the DFA's QL language library, we have addressed language feature challenges, including Java reflection handling, partial native method support, and value passing model optimization. Our enhancements support 191 sources and sinks across 18 frameworks. Through comprehensive verification of over 5,000 repositories, we identified a more than 15% increase in data flows when utilizing existing rules, compared to results without the enhancements. Additionally, we reproduced over 50 historical CVEs that were undetectable by the original CodeQL due to a lack of language features support. Our research also uncovered 5 new CVEs (e.g., CVE-2024-45387) that the original CodeQL could not detect. We believe our work will greatly empower the detection capabilities of SAST tools. By: Yuan Luo | Senior Security Engineer, Tencent Security YunDing Lab Zhaojun Chen | Senior Security Engineer, Tencent Security YunDing Lab Yi Sun | Senior Security Engineer, Tencent Security YunDing Lab Rhettxie Rhettxie | Senior Security Engineer, Tencent Security YunDing Lab Presentation Materials Available at: https://ift.tt/Qm8jV0O

source https://www.youtube.com/watch?v=Zp0x-cfClPY

Black Hat Asia 2026 Welcome Video

We’re delighted to have you join us for what promises to be an unforgettable experience. Before you dive into the action, make sure to check out our Welcome Guide—your go-to resource for everything you need to navigate the event with confidence. From on-site logistics and scheduling updates to On-Demand Access and exclusive programs, this guide is packed with essential information to elevate your on-site experience. Whether you’re a returning veteran or attending for the first time, this guide will help you make the most of your time at Black Hat. Join the conversation and get real-time updates by following and using #BHASIA on social media. #cybersecurity

source https://www.youtube.com/watch?v=4c01ksgAffk