Wednesday, 8 April 2026

Black Hat USA 2025 | LLM-Driven Reasoning for Automated Vulnerability Discovery Behind Hall-of-Fame

Vulnerability discovery traditionally relies on two primary approaches: manual auditing and fuzzing. Each method possesses distinct strengths and inherent limitations. Manual auditing is good at identifying complex logic flaws due to its reliance on deep contextual understanding and expert insight, ensuring comprehensive analysis; however, this method is labor-intensive, time-consuming, and heavily dependent on specialized knowledge. Conversely, fuzzing offers automation, scalability, and efficiency, yet it may overlook vulnerabilities that require intricate semantic comprehension or encounter limitations in scenarios where fuzzing is infeasible. Recent advancements in artificial intelligence have created opportunities to bridge the gap between the precision of manual auditing and the scalability of fuzzing, paving the way for more sophisticated vulnerability discovery tools. In this presentation, we will introduce our LLM-powered automated binary vulnerability discovery tool, which integrates LLM reasoning capabilities with established static analysis and dynamic debugging methods. Despite its experimental approach, our tool demonstrates exceptional efficiency and effectiveness in identifying vulnerabilities. We will illustrate the effectiveness of this approach through our application to Samsung's remote attack surface, successfully uncovering multiple sophisticated memory corruption vulnerabilities. This significant achievement secured us the Rank 1 position in the 2024 Hall of Fame for vulnerability research.

By: Qinrun Dai | Independent Researcher; Yifei Xie | Independent Security Researcher/Student

Presentation Materials Available at: https://ift.tt/HISLJxl

source https://www.youtube.com/watch?v=WVjnipkKp4U

Black Hat USA 2025 | Leveraging Jamf for Red Teaming in Enterprise Environments

During the preceding year, SpecterOps has had a surprising amount of success leveraging Jamf APIs to laterally move and execute code on managed macOS systems in mature Fortune 500 client environments with multiple name-brand security products in use. Much of this is due to a lack of awareness among defenders regarding the impacts a compromised Jamf account can have on their organization. Come learn the details of Jamf exploitation techniques available to threat actors and employed by SpecterOps during the preceding year, performing red team assessments of Fortune 500 client organizations to execute reconnaissance and lateral movement undetected. SpecterOps will share the processes they employ upon gaining access to Jamf administrators or service accounts to leverage APIs to accomplish objectives targeting macOS while evading detections in mature environments. Demonstrations will be included of newly available open-source tooling introduced to automate the attack paths described. The presentation will end with recommendations to prevent and detect the actions performed for onsite or cloud hosted Jamf tenants.

By: Lance Cain | Service Architect - Consulting Services, SpecterOps, Inc.; Daniel Mayer | Consultant - Adversary Simulation, SpecterOps, Inc.

Presentation Materials Available at: https://ift.tt/nGwZoVp

source https://www.youtube.com/watch?v=IDFeNbz2lI4

Tuesday, 7 April 2026

Behind Every Badge Is a Story | Meet Or Yair, Security Research Team Lead at SafeBreach

Meet Or Yair, Security Research Team Lead at SafeBreach. Or reveals what makes Black Hat essential: a community that drives real impact, shares cutting-edge research, and accelerates breakthroughs across the security industry. Watch the full story: https://youtu.be/rNtuyrXPIc0?si=zgkZJsWfJQWImoM3

source https://www.youtube.com/shorts/pf98Pf-fAX4

Black Hat USA 2025 | 2 Cops 2 Broadcasting: TETRA End-To-End Under Scrutiny

In this talk, we will present the first public security analysis of TETRA end-to-end encryption (E2EE) used for the most sensitive communications - such as those by intelligence agencies and special forces. In all-new material, we present seven security vulnerabilities pertaining to TETRA and its E2EE, three of which are critical. TETRA is a European standard for trunked radio used globally by police and military operators. Additionally, TETRA is widely deployed in industrial environments such as harbors and airports, as well as critical infrastructure such as SCADA telecontrol of pipelines, transportation and electric and water utilities. While we previously reverse-engineered and published the then-secret algorithms underpinning TETRA cryptography, the vendor-proprietary E2EE solution (which enjoys significant end-user trust) intended for the most critical use cases remained undisclosed and proved quite hard to obtain. Given the opaque nature of this solution and TETRA's history of offering significantly less security than advertised (including backdoored ciphers), we decided to undertake the effort of reverse-engineering a TETRA E2EE solution. We did this by extracting it from a popular Sepura radio and discovering several critical 0-day vulnerabilities in the radio in the process, presenting additional key extraction and covert implanting vulnerabilities. We will publish the E2EE design along with a security analysis, identifying several severe shortcomings ranging from the ability to inject voice traffic into E2EE channels and replay SDS messages to an intentionally weakened E2EE variant, which reduces its 128-bit key to only 56 bits. In addition, we will discuss new findings related to multi-algorithm networks and official patches, relevant for asset owners mitigating the TETRA:BURST vulnerabilities previously uncovered by us. 
Finally, we will demonstrate the E2EE voice injection attack as well as the previously theoretical TETRA packet injection attack on SCADA networks.

By: Carlo Meijer | MSc, Midnight Blue; Wouter Bokslag | MSc, Midnight Blue; Jos Wetzels | MSc, Midnight Blue

Full Session Details Available at: https://ift.tt/J9qIkXg

source https://www.youtube.com/watch?v=oUhb2tTgmgg

Monday, 6 April 2026

Black Hat USA 2025 | Bypassing PQC Signature Verification with Fault Injection

Post-quantum cryptographic (PQC) algorithms are being integrated into firmware, bootloaders, and other embedded systems as a replacement for RSA and ECC. While these schemes are designed to resist quantum attacks, their implementations remain vulnerable to classical fault injection techniques. This talk presents practical voltage fault injection attacks on three major PQC signature schemes: Dilithium, XMSS, and SPHINCS+. By targeting signature verification logic — including challenge generation, bit shifts, and checksum validation — we demonstrate how to forge valid signatures without breaking the underlying cryptographic primitives. All attacks are performed on real microcontroller hardware using open-source PQC libraries running on bare metal. We also show how shared components like WOTS+ introduce common vulnerabilities across XMSS and SPHINCS+, exposing a broader attack surface. This work highlights how fault injection continues to be effective, even against modern cryptography, and the ever-present need for effective countermeasures for implementation-level threats.

By: Fikret Garipay | Security Engineer, Keysight Device Security Testing

Presentation Materials Available at: https://ift.tt/nelXRIS

source https://www.youtube.com/watch?v=JS30uepSuMo

Black Hat USA 2025 | The 5G Titanic

5G networks are designed with advanced protections to counter interception, fraud, and denial-of-service attacks. But what happens when an attacker leverages legitimate protocol semantics to navigate beyond intended security boundaries? This talk presents a new class of attacks that exploit subtle flaws in the design and deployment of 5G user plane architecture. Through hands-on evaluation across multiple commercial and open-source 5G cores, we demonstrate how trust assumptions in user-plane traffic can be broken—enabling communication with otherwise unreachable core systems. The findings expose limitations in current protections and call for a reexamination of user plane trust in 5G architectures.

By: Altaf Shaik | Senior Researcher, Fast IoT and TU Berlin; Robert Jaschek | MS Student in Computer Science, TU Berlin

Presentation Materials Available at: https://ift.tt/UFdEQBq

source https://www.youtube.com/watch?v=AZ4y3ODsVW4

Sunday, 5 April 2026

Black Hat USA 2025 | AI Agents for Offsec with Zero False Positives

Large language models are increasingly helping to automate vulnerability discovery and exploit development in real-world software. However, naïvely asking LLMs to identify vulnerabilities leads to a deluge of false positives that can drown out real findings. In this talk, we will present techniques that enable AI agents to find vulnerabilities at scale, fully autonomously and with zero false positives. The key to our approach is developing robust exploit validators that can conclusively determine whether an exploit claimed by the agent is real, allowing the agent to make arbitrarily many attempts without increasing the amount of human effort needed to review the results. Using these techniques, we were able to test thousands of web apps found on Docker Hub, identifying over 200 zero days and obtaining multiple CVEs.

By: Brendan Dolan-Gavitt | AI Researcher, XBOW

Presentation Materials Available at: https://ift.tt/E54PUk7

source https://www.youtube.com/watch?v=8voNmYCUXSk

Black Hat USA 2025 | Protecting Small Organizations in the Era of AI Bots

Small organizations, startups, and self-hosted servers face increasing strain from automated web crawlers and AI bots, whose online presence has increased dramatically in the past few years (2024 Imperva, Bad Bot Report). Modern bots evade traditional throttling and can degrade server performance through sheer volume even when they are well-behaved. Current tools which use public, shared blocklists for detection quickly go out of date, with one study indicating that 87% of new attacks are not on such lists (Li et al. 2021, Good Bot, Bad Bot). Our interest is in detecting any mechanical access patterns, whether well-behaved or malicious, and distinguishing those from human patterns. We introduce an open-source command-line tool, Logrip, and a novel security approach that leverages data visualization and hierarchical IP hashing to analyze historic server event logs, distinguishing human users from automated entities based on access patterns. By aggregating IP activity across subnet classes and applying novel statistical measures related to non-human behavior, our method detects coordinated bot activity and distributed crawling attacks that conventional tools fail to identify. Using a real-world case study, we estimate that 80–95% of traffic in our examples originates from AI crawlers, underscoring the need for improved filtering mechanisms. Our tools are made open source to enable small organizations to regulate automated traffic effectively, preserving public human access by mitigating performance degradation.

By: Rama Hoetzlein | Founder, Quanta Sciences

Presentation Materials Available at: https://ift.tt/U1Ssv8j

source https://www.youtube.com/watch?v=S5DJtN1FDYo

Saturday, 4 April 2026

Black Hat USA 2025 | Kernel-Enforced DNS Exfiltration Security

Kernel-Enforced DNS Exfiltration Security: Framework Built for Cloud Environments to Stop Data Breaches via DNS at Scale

DNS-based data exfiltration via C2 channels and DNS tunneling is a critical cybersecurity challenge, as DNS is a foundational protocol that must remain open on firewalls. Attackers now use DNS not just for exfiltration, but to establish backdoors, execute remote commands, and maintain persistent control over compromised systems. With the evolving scale of C2 infrastructure—leveraging multiplayer C2 modes and botnets—real-time prevention becomes significantly more complex, especially when aiming for zero data loss and accurate process-level implant termination at the endpoint. Traditional defenses rely heavily on timing and volume-based passive anomaly detection, signature-based filtering, or DPI through proxies and middleware. These approaches are increasingly ineffective against evasive C2 threats. They suffer from delayed detection, longer dwell time, greater data loss before threat removal, and slow response. Most fail to handle DGAs, where attackers constantly mutate domains (L7) and IPs (L3) to evade static blacklists, and they still lack support for instantaneous implant termination. This framework is built to disrupt DNS-based C2 channels and DNS tunnelling at scale by moving DNS exfiltration security directly into the Linux kernel. Using eBPF-driven endpoint security enforcement, the framework runs advanced threat intelligence across the entire kernel network stack and mandatory access control layer, performing high-speed DPI by parsing the DNS protocol directly inside the kernel. Aided by a userspace deep learning model trained on diverse DNS payload obfuscation techniques, it enhances detection accuracy and enables dynamic runtime enforcement.
It instantaneously prevents DNS C2 channels and tunneling, ensuring that no exfiltrated packets ever leave the endpoint — and precisely threat-hunts and kills malicious C2 implant processes in real time. It inherently supports dynamic domain blacklisting, dynamic in-kernel network policy creation, and threat event streaming, enabling massive scalability for real production cloud environments.

By: Vedang Parasnis | Cloud Platform Software Engineer | Linux Kernel Datapath Security Researcher

Full Presentation Materials Available at: https://ift.tt/k9GiP7y

source https://www.youtube.com/watch?v=Yh9C1Xn_ixo

Black Hat USA 2025 | Burning, Trashing, Spacecraft Crashing

Burning, Trashing, Spacecraft Crashing: A Collection of Vulnerabilities That Will End Your Space Mission

The frequency of space missions has been increasing in recent years, raising concerns about security breaches and satellite cyber threats. Each space mission relies on highly specialized hardware and software components that communicate through dedicated protocols and standards developed for mission-specific purposes. Numerous potential failure points exist across both the space and ground segments, any of which could compromise mission integrity. Given the critical role that space-based infrastructure plays in modern society, every component involved in space missions should be recognized as part of critical infrastructure and afforded the highest level of security consideration. This Briefing highlights a subset of vulnerabilities that we identified within the last couple of years across both ground-based systems and onboard spacecraft software. We will provide an in-depth analysis of our findings, demonstrating the impact of these vulnerabilities by showing our PoC exploits in action—including their potential to grant unauthorized control over targeted spacecraft. Additionally, we will show demonstrations of the exploitation process, illustrating the real-world implications of these security flaws.

By: Andrzej Olchawa | Offensive Security Researcher, VisionSpace Technologies GmbH; Milenko Starcik | Head of Cyber Security, VisionSpace Technologies GmbH; Ricardo Fradique | Cybersecurity Engineer, VisionSpace Technologies GmbH; Ayman Boulaich | Cybersecurity Intern, VisionSpace Technologies GmbH

Presentation Materials Available at: https://ift.tt/Q9tzZXw

source https://www.youtube.com/watch?v=uLZab4pe4X0

Black Hat USA 2025 | Universal and Context-Independent Triggers for Precise Control of LLM Outputs

In this talk, we will introduce a novel gradient-based prompt-injection technique that can generate universal triggers to manipulate open-source Large Language Model (LLM) outputs. While previous attacks often depend heavily on prompt context or require multiple iterations to fully control the model's behavior, our method discovers "universal and context-independent triggers" that force the LLM to produce precisely crafted, attacker-chosen text—regardless of the original prompt or task. We will outline how these triggers are discovered via discrete gradient descent on extensive and diverse instruction datasets. Our demonstrations will show how such triggers can be applied to attack open source LLM applications to achieve remote code execution. Furthermore, we will discuss the substantial threats posed by such attacks to LLM-based applications, highlighting the potential for adversaries to take over the decisions and actions made by AI agents.

By: Jiashuo Liang | Researcher, Tencent Xuanwu Lab; Guancheng Li | Researcher, Tencent Xuanwu Lab

Presentation Materials Available at: https://ift.tt/ohBlzRK

source https://www.youtube.com/watch?v=W8zzpTGVHRE