Black Hat Europe 2025 | Habemus Securitas - Exploring Apple's Hidden Territories

With the Secure Page Table Monitor (SPTM) and Exclaves, Apple has introduced a broad spectrum of new memory protection mechanisms over the past few years, realized through their Guarded Execution Feature (GXF). Currently, there is little public discussion on piecing these mechanisms together and exploring the broader implications of XNU compartmentalization. In this talk, we will delve into the inner workings of SPTM, exploring how its services are utilized by XNU and other secure world clients, namely the Secure Kernel (SK), Trusted Execution Monitor (TXM), and Exclaves, and the contributions they make to system and memory security. To achieve this, we analyze the underlying SPTM functionality, with a focus on memory frame typing, page mapping, and the implemented rulesets governing iOS memory mapping across newly introduced SPTM security domains. By: Moritz Steffin | Master's Student, Hasso Plattner Institute, University of Posdam https://ift.tt/RphTtXI

source https://www.youtube.com/watch?v=rQnu_0aPQY0

Black Hat Europe 2025 | Low-Cost Memory Interposer Attacks On Confidential Computing

As cloud computing adoption grows, so do concerns about trust and data privacy. Confidential computing, powered by innovative hardware technologies like Intel SGX and AMD SEV, promises strong isolation and transparent memory encryption to protect against privileged attackers and physical threats such as bus snooping and cold boot attacks. In this talk we present a custom, low-cost (50 dollar) DDR4 interposer that dynamically manipulates memory address lines to create adversarial aliases, tricking the processor into granting unauthorized access to encrypted memory. Crucially, our interposer operates at runtime, allowing it to bypass recent boot-time firmware mitigations deployed by Intel and AMD in response to our earlier software-based "BadRAM" memory aliasing attacks. Using our novel interposer, we undermine trust in both the Intel SGX and AMD SEV ecosystems. We demonstrate the first successful attack on Intel's Scalable SGX single-key memory domain, enabling arbitrary plaintext read/write access and extraction of SGX's platform provisioning key used for remote attestation. Additionally, we achieve full attestation bypasses on up-to-date AMD SEV-SNP systems despite the latest firmware defenses, allowing us to forge attestation reports and implant persistent backdoors in SEV-protected virtual machines. In the broader context, our results challenge fundamental assumptions about encrypted memory security guarantees and expose critical flaws in the performance-security trade-offs of today's confidential cloud computing systems. By: Jesse De Meulemeester | PhD researcher, COSIC, KU Leuven Jo Van Bulck | Prof., DistriNet, KU Leuven David Oswald | Prof., Durham University https://ift.tt/cCXioZJ

source https://www.youtube.com/watch?v=AyJqRmIBHKk

Black Hat Europe 2025 | The Fragile Lock: Novel Bypasses For SAML Authentication

SAML2 has been the backbone of enterprise single sign-on for over 20 years. Behind its familiar facade lies a chaotic mix of legacy specifications, fragile XML processing, and false assurances of security. Despite endless patches and best practices, the protocol continues to collapse under the weight of its own complexity. In this talk, I will show you how to bypass authentication using subtle flaws in XML handling. I will introduce several previously unpublished techniques that enable the crafting of reliable, stealthy exploits against SAML implementations that appear secure on the surface. I will also release an open-source toolkit designed to identify and exploit these vulnerabilities in real-world SAML deployments. It is time to stop patching the unpatchable and start questioning the protocol itself. By: Zak Fedotkin | Researcher, PortSwigger https://ift.tt/D4o6VIw

source https://www.youtube.com/watch?v=o5KpYzbQYG0

Black Hat Europe 2025 | Why We Can't Retrofit Old Security Principles Onto AI Agents

Traditional security relies on axioms like separating code from data, but LLM-based agents blur these lines by treating user prompts and untrusted external content as identical semantic inputs. Dr. Ilia Shumailov argues that current defenses are fundamentally flawed: adaptive attacks bypass standard guardrails with over 90% success, and existing red-teaming incentives often perpetuate vulnerabilities rather than fixing them. This session presents a breakthrough alternative—deployment architectures that fix prompt injections by design and scale to support complex Web and Computer Use Agents. Discover how to move beyond fragile detection models toward systems with provable security against control-flow injections and verifiable security against data-flow attacks for the next generation of autonomous agents. By: Ilia Shumailov | PhD in Computer Science from the University of Cambridge https://ift.tt/t9mGWCQ

source https://www.youtube.com/watch?v=HGCwYIUgoKc

Black Hat Intercepted | Mike Spicer, Black Hat NOC Lead

Meet Mike Spicer (aka DarkMatter), a NOC lead at Black Hat, revealing how the team detected and tracked down a compromised attendee during the conference. When a device connected to the network and started communicating with a known malicious source, an alert was triggered among hundreds of thousands of events. The team conducted a deep dive analysis, examining packet types and communication patterns to identify the threat actor through behavioral analysis. Using open-source intelligence techniques, the team fingerprinted the network communication, pieced together the digital breadcrumbs, and matched the activity to a registered attendee. The team successfully made contact to help secure the compromised device.

source https://www.youtube.com/shorts/ddpZoTcvGmQ

Black Hat Europe 2025 | Understanding Trends & Patterns In Insider Threat: Analysis Of 1,000+ Cases

This session examines the world of malicious insider threat by identifying the trends and patterns of the Tactics, Techniques, and Procedures (TTPs) observed in over 1,000 cases. Rather than focus on attitudinal surveys or anecdotal data, this session will explore the TTPs used by malicious insiders which are most valuable to digital forensic examiners and incident responders. By: Michael Robinson | Senior Security Analyst, Google https://ift.tt/bNAYdWc

source https://www.youtube.com/watch?v=-ueCcEdDjOM

Black Hat Europe 2025 | Token Injection: Crashing LLM Inference With Special Tokens

As large language models (LLMs) are deployed at scale, their underlying inference frameworks (e.g., vLLM, SGLang, TensorRT-LLM) have become critical operational pillars. These systems must splice user prompts with control structures, tokenise them, and schedule requests within milliseconds. Within this high-speed pipeline, we identify an underappreciated attack surface: special tokens. We introduce the first "Token Injection" attack model, showing how a single prompt composed solely of special tokens can trigger uncaught exceptions in embedding and CUDA computation stages, resulting in denial of service (DoS) or full-service crashes. It can also cause inference manipulation, such as chat interruption and context pollution. The attack requires no authentication and works via standard input interfaces, affecting both self-hosted and managed deployments. We validate impact across multiple inference frameworks, including vLLM, SGLang, TensorRT-LLM, MLX, Ollama, and Hugging Face TGI; and across major platforms, including NVIDIA NIM, Google Vertex AI, Azure AI Foundry, Hugging Face, Meta AI, and OpenRouter. This work shifts the AI security focus from "model output" to the security of inference infrastructure, offering practitioners a new perspective and a concrete defence paradigm. By: Pengyu Ding | PhD Student, Infra Security, Ant Group & Huazhong University of Science and Technology Ziteng Xu | Senior Cybersecurity Expert, Infra Security, Ant Group Zhiniang Peng | Associate Professor, Huazhong University of Science and Technology Dongliang Mu | Associate Professor, Huazhong University of Science and Technology https://ift.tt/v9tsYEh

source https://www.youtube.com/watch?v=ILnTkeuxPPw

Black Hat Europe 2025 | Insights From Phishing-Resistant Authentication

How many phishing attempts bypass enterprise pre-authentication security, including email gateways, DNS filtering, SASE, SWG, browser security, and endpoint protection, to trick users into malicious logins? And how effectively do current security systems detect and respond to these? While general phishing trends are known, the true impact and organizational defense postures remain unclear. Analyzing two years of phishing attempts stopped only by phishing-resistant authentication, we quantify a notable volume of attacks that bypass the pre-authentication security layers and successfully trick users. We then dive into events linked to AiTM campaigns using EvilProxy kits, dissecting their patterns across verticals and company sizes, identifying indicators of compromise, and tracking longitudinal trends. As part of our investigation, we also reached out to impacted organizations, with a notable number indicating they hadn't detected these attempts until our notifications. This work provides crucial, data-driven evidence highlighting the importance of phishing-resistant authentication and exposing many organizations' often mediocre security postures. It transforms failed authentication into actionable threat intelligence, revealing and helping address organizations' actual security gaps. By: Fei Liu | Principal Emerging Technology Researcher, Okta

source https://www.youtube.com/watch?v=6jw8vG8FaEQ

Black Hat Stories | Jessica Oppenheimer, Director, SOC Integrations, Splunk Security

source https://www.youtube.com/watch?v=UM_Ct9Sf17o

Get One Step Ahead at Black Hat 🚀

Ari Herbert-Voss, Founder and CEO of RunSybil, explains how Black Hat helps cybersecurity professionals stay one step ahead by bringing together diverse perspectives and deep expertise. Take full advantage of the opportunity to learn, connect, and grow. 🎥 Watch the full episode to hear more about Ari's experience at Black Hat.

source https://www.youtube.com/shorts/ame3xiDUe-0

Inside the Black Hat community 💻

Ari Herbert-Voss shares what makes the Black Hat community unique, welcoming to newcomers while staying highly technical and focused on cutting-edge research. 🎥 Watch the full Episode 5 to hear more about Ari's Black Hat experience.

source https://www.youtube.com/shorts/NnDcponpls8