Black Hat Europe 2025 | The Fragile Lock: Novel Bypasses For SAML Authentication

SAML2 has been the backbone of enterprise single sign-on for over 20 years. Behind its familiar facade lies a chaotic mix of legacy specifications, fragile XML processing, and false assurances of security. Despite endless patches and best practices, the protocol continues to collapse under the weight of its own complexity. In this talk, I will show you how to bypass authentication using subtle flaws in XML handling. I will introduce several previously unpublished techniques that enable the crafting of reliable, stealthy exploits against SAML implementations that appear secure on the surface. I will also release an open-source toolkit designed to identify and exploit these vulnerabilities in real-world SAML deployments. It is time to stop patching the unpatchable and start questioning the protocol itself. By: Zak Fedotkin | Researcher, PortSwigger https://ift.tt/D4o6VIw

source https://www.youtube.com/watch?v=o5KpYzbQYG0

Black Hat Europe 2025 | Why We Can't Retrofit Old Security Principles Onto AI Agents

Traditional security relies on axioms like separating code from data, but LLM-based agents blur these lines by treating user prompts and untrusted external content as identical semantic inputs. Dr. Ilia Shumailov argues that current defenses are fundamentally flawed: adaptive attacks bypass standard guardrails with over 90% success, and existing red-teaming incentives often perpetuate vulnerabilities rather than fixing them. This session presents a breakthrough alternative—deployment architectures that fix prompt injections by design and scale to support complex Web and Computer Use Agents. Discover how to move beyond fragile detection models toward systems with provable security against control-flow injections and verifiable security against data-flow attacks for the next generation of autonomous agents. By: Ilia Shumailov | PhD in Computer Science from the University of Cambridge https://ift.tt/t9mGWCQ

source https://www.youtube.com/watch?v=HGCwYIUgoKc

Black Hat Intercepted | Mike Spicer, Black Hat NOC Lead

Meet Mike Spicer (aka DarkMatter), a NOC lead at Black Hat, revealing how the team detected and tracked down a compromised attendee during the conference. When a device connected to the network and started communicating with a known malicious source, an alert was triggered among hundreds of thousands of events. The team conducted a deep dive analysis, examining packet types and communication patterns to identify the threat actor through behavioral analysis. Using open-source intelligence techniques, the team fingerprinted the network communication, pieced together the digital breadcrumbs, and matched the activity to a registered attendee. The team successfully made contact to help secure the compromised device.

source https://www.youtube.com/shorts/ddpZoTcvGmQ

Black Hat Europe 2025 | Understanding Trends & Patterns In Insider Threat: Analysis Of 1,000+ Cases

This session examines the world of malicious insider threat by identifying the trends and patterns of the Tactics, Techniques, and Procedures (TTPs) observed in over 1,000 cases. Rather than focus on attitudinal surveys or anecdotal data, this session will explore the TTPs used by malicious insiders which are most valuable to digital forensic examiners and incident responders. By: Michael Robinson | Senior Security Analyst, Google https://ift.tt/bNAYdWc

source https://www.youtube.com/watch?v=-ueCcEdDjOM

Black Hat Europe 2025 | Token Injection: Crashing LLM Inference With Special Tokens

As large language models (LLMs) are deployed at scale, their underlying inference frameworks (e.g., vLLM, SGLang, TensorRT-LLM) have become critical operational pillars. These systems must splice user prompts with control structures, tokenise them, and schedule requests within milliseconds. Within this high-speed pipeline, we identify an underappreciated attack surface: special tokens. We introduce the first "Token Injection" attack model, showing how a single prompt composed solely of special tokens can trigger uncaught exceptions in embedding and CUDA computation stages, resulting in denial of service (DoS) or full-service crashes. It can also cause inference manipulation, such as chat interruption and context pollution. The attack requires no authentication and works via standard input interfaces, affecting both self-hosted and managed deployments. We validate impact across multiple inference frameworks, including vLLM, SGLang, TensorRT-LLM, MLX, Ollama, and Hugging Face TGI; and across major platforms, including NVIDIA NIM, Google Vertex AI, Azure AI Foundry, Hugging Face, Meta AI, and OpenRouter. This work shifts the AI security focus from "model output" to the security of inference infrastructure, offering practitioners a new perspective and a concrete defence paradigm. By: Pengyu Ding | PhD Student, Infra Security, Ant Group & Huazhong University of Science and Technology Ziteng Xu | Senior Cybersecurity Expert, Infra Security, Ant Group Zhiniang Peng | Associate Professor, Huazhong University of Science and Technology Dongliang Mu | Associate Professor, Huazhong University of Science and Technology https://ift.tt/v9tsYEh

source https://www.youtube.com/watch?v=ILnTkeuxPPw

Black Hat Europe 2025 | Insights From Phishing-Resistant Authentication

How many phishing attempts bypass enterprise pre-authentication security, including email gateways, DNS filtering, SASE, SWG, browser security, and endpoint protection, to trick users into malicious logins? And how effectively do current security systems detect and respond to these? While general phishing trends are known, the true impact and organizational defense postures remain unclear. Analyzing two years of phishing attempts stopped only by phishing-resistant authentication, we quantify a notable volume of attacks that bypass the pre-authentication security layers and successfully trick users. We then dive into events linked to AiTM campaigns using EvilProxy kits, dissecting their patterns across verticals and company sizes, identifying indicators of compromise, and tracking longitudinal trends. As part of our investigation, we also reached out to impacted organizations, with a notable number indicating they hadn't detected these attempts until our notifications. This work provides crucial, data-driven evidence highlighting the importance of phishing-resistant authentication and exposing many organizations' often mediocre security postures. It transforms failed authentication into actionable threat intelligence, revealing and helping address organizations' actual security gaps. By: Fei Liu | Principal Emerging Technology Researcher, Okta

source https://www.youtube.com/watch?v=6jw8vG8FaEQ

Black Hat Stories | Jessica Oppenheimer, Director, SOC Integrations, Splunk Security

source https://www.youtube.com/watch?v=UM_Ct9Sf17o

Get One Step Ahead at Black Hat 🚀

Ari Herbert-Voss, Founder and CEO of RunSybil, explains how Black Hat helps cybersecurity professionals stay one step ahead by bringing together diverse perspectives and deep expertise. Take full advantage of the opportunity to learn, connect, and grow. 🎥 Watch the full episode to hear more about Ari's experience at Black Hat.

source https://www.youtube.com/shorts/ame3xiDUe-0

Inside the Black Hat community 💻

Ari Herbert-Voss shares what makes the Black Hat community unique, welcoming to newcomers while staying highly technical and focused on cutting-edge research. 🎥 Watch the full Episode 5 to hear more about Ari's Black Hat experience.

source https://www.youtube.com/shorts/NnDcponpls8

Black Hat Europe 2025 | Network Operations Center (NOC) Report

Back with another year of soul-crushing statistics, the Black Hat NOC team will be sharing all of the data that keeps us equally puzzled, and entertained, year after year. We'll let you know all the tools and techniques we're using to set up, stabilize, and secure the network, and what changes we've made over the past year to try and keep doing things better. Of course, we'll be sharing some of the more humorous network activity and what it helps us learn about the way security professionals conduct themselves on an open WiFi network. By: Neil Wyler | Vice President of Defensive Services, Coalfire Bart Stump | Managing Principal, Coalfire https://ift.tt/rLtDyUC

source https://www.youtube.com/watch?v=onxC-5-zYus

Black Hat Europe 2025 | Weaponizing Image Scaling Against Production AI Systems

AI vision systems see differently than humans do. When platforms downscale uploads to save compute, the mathematical properties of interpolation algorithms create exploitable artifacts. In this presentation, we'll show how to craft images which use invisible pixel perturbations to reveal malicious prompts after downscaling, triggering unauthorized tool execution across Google Gemini, Vertex AI, Google Assistant, and Genspark. Beyond image downscaling, we'll explore the broader attack surface, including audio transformations, dithering algorithms, and other preprocessing steps that become prompt injection vectors. You'll learn to fingerprint vulnerable systems using test patterns that reveal specific downscaling implementations across AI libraries. We'll demo Anamorpher, our open-source tool for automated attack generation, with both Python APIs and visual interfaces, as well as examine practical mitigations from displaying actual processed images to implementing design patterns resistant to prompt injection, such as the action selector pattern. By: Suha Hussain | AI Research Engineer, Product Security, Harvey Kikimora Morozova | Security Researcher, Trail of Bits https://ift.tt/MuZqL6N

source https://www.youtube.com/watch?v=rHvFGz7_67k