Saturday, 18 April 2026

SecTor 2025 | Investigate & Respond to Attacks on GenAI Chatbots

It's coming, and you aren't ready—your first generative AI chatbot incident. GenAI chatbots, leveraging LLMs, are revolutionizing customer engagement by providing real-time, automated 24/7 chat support. But when your company's virtual agent starts responding inappropriately to requests and handing out customer PII to anyone who asks nicely, who are they going to call? You. You've seen the cool prompt injection attack demos and may even be vaguely aware of preventions like LLM guardrails; but are you ready to investigate and respond when those preventions inevitably fail? Would you even know where to start? It's time to connect traditional investigation and response procedures with the exciting new world of GenAI chatbots. In this talk, you'll learn how to investigate and respond to the unique threats targeting these systems. You'll discover new methods for isolating attacks, gathering information, and getting to the root cause of an incident using AI defense tooling and LLM guardrails. You'll come away from this talk with a playbook for investigating and responding to this new class of GenAI incidents and the preparation steps you'll need to take before your company's chatbot responses start going viral—for the wrong reasons.
By: Allyn Stott | Senior Staff Engineer, Airbnb Presentation Materials Available at: https://ift.tt/jPmDCT9

source https://www.youtube.com/watch?v=Iah5epX_3AY

SecTor 2025 | From Days to Hours: Accelerating Cyber Threat Response with AI Agents

Identifying and responding to emerging threats before they escalate into widespread attacks is one of the hardest challenges in cybersecurity today. Threats often surface first in informal channels, long before official advisories are published. By the time traditional detection systems catch up, it's often too late. In this session, we will present a collaborative AI-agent framework built to act as a threat intelligence and threat hunting accelerator. The system ingests and semantically processes large volumes of structured and unstructured data, including CISA alerts, CVE databases, vendor reports, EXA and Perplexity search results, and social media signals. Using a custom LLM-based clustering engine, the system groups early threat signals by topic, CVE, and campaign, allowing for real-time insight into what's emerging across the security landscape. Each agent in the framework plays a specialized role: surfacing relevant threats, analyzing and prioritizing them based on relevance and severity, extracting TTPs and IOCs, and generating hunting queries. We'll walk through the system design, share implementation insights (including hallucination control, prompt chaining and evaluation), and showcase how this setup enables teams to reduce the time between "first appearance" and "first action" to hours or even minutes. Attendees will leave with a deep understanding of how LLM-based agents can be used as proactive actors in cyber threat intelligence and response workflows.
By: Yuval Zacharia | Director R&D, Security Research & AI, Hunters Presentation Materials Available at: https://ift.tt/0ulbgK9

source https://www.youtube.com/watch?v=Q1-9IABavgw

SecTor 2025 | What Happens When Your Digital Voice Clone Goes Rogue

"Speak for Me" was envisioned as a Windows accessibility feature designed to replicate a user's voice from just a few samples, storing it locally as an AI model trained on the user's voice. This innovative feature aimed to enhance the existing Text-To-Speech interface, offering capabilities such as creating a virtual microphone for seamless use in conferencing apps like Microsoft Teams. Our team performed an internal security audit of this feature, revealing that it is very hard to protect. The potential attacks spanned multiple vectors. Ultimately, our audit led to this feature being released with the Custom Neural Voices (CNV) Azure service only. In this session, we will walk you through the various attack scenarios and vulnerabilities found, showcasing the difficulties of protecting AI-based user voices on client devices. We will start our presentation with a number of critical vulnerabilities discovered in the project. These include classical remote code execution on the victims' machines, but more interestingly, either directly stealing the model itself, or abusing the cloud infrastructure to obtain a model of an arbitrary persona. Both the client and web sides of the app had multiple defensive mechanisms, such as consent voice recording, model encryption, watermarking embedded into voice samples and others, that were supposed to prevent the infrastructure from being abused by bad actors to produce deepfakes. All of these could easily be bypassed, and ultimately the attacker could gain the ability to impersonate a victim with relatively low effort. This project will serve as a case study to demonstrate the challenges and vulnerabilities of AI security on devices, particularly on generic Windows platforms that were not designed to protect highly sensitive AI models. We will examine the current state of the Windows security ecosystem and its relevance to AI model security.
By: Andrey Markovytch | Senior Security Researcher, Microsoft Presentation Materials Available at: https://ift.tt/096XJKz

source https://www.youtube.com/watch?v=49odcoAoqYw

Thursday, 16 April 2026

Black Hat Stories | David Oswald, Cyber Security Professor at Durham University

In this episode of Black Hat Stories, David Oswald, Professor in Cyber Security at Durham University, shares why Black Hat is essential for academics at every level. With a background spanning research and real-world security challenges, David has attended Black Hat multiple times and sees it as a unique bridge between academia and industry. Unlike traditional academic conferences, Black Hat offers practical, hands-on insights that bring fresh perspective to research and teaching. Hear David's perspective on how Black Hat connects theory with real-world application and why it's a must-attend for anyone in security and academia.
🎟️ Join us at Black Hat USA: https://ift.tt/64pvRUJ
🔗 Visit our site: https://blackhat.com/
📧 Subscribe to our free newsletter: https://ift.tt/5sULWKB
#BlackHatStories #BHEU #BlackHat #cybersecurity

source https://www.youtube.com/watch?v=U6ZV6m4hOaQ

Wednesday, 15 April 2026

SecTor 2025 | Tracking You Across Apps and the Web Hydra-Style

While Android promises to prevent applications from exchanging tracking data directly, this sandbox is brittle and allows apps to share data across apps and the Web. We found HyTrack, a robust new tracking technique for Android. Apps could use it to track you extensively and then sell your data or generate revenue with personalized ads outside your control! HyTrack is independent of standard tracking techniques such as Ad IDs or fingerprinting. Trackers can use it to track your application usage across sandbox barriers in multiple apps and websites you use in your default browser. HyTrack abuses the newer browser features Custom Tabs and Trusted Web Activities. HyTrack is both covert, hiding perfectly in plain sight, and additionally, it is Hydra-like! It is hard to get rid of: if you attempt to delete parts of it on your device, it will regrow. HyTrack will survive re-installations of applications and other deletion attempts. Even getting a new phone will not help you if you don't take precautions. In multiple studies, we measured whether applications in the wild already use HyTrack. We will discuss the mechanisms behind HyTrack, check which browsers and devices are affected (Spoiler: all major Android browsers), and discuss possible mitigations and why defenses are non-trivial. But it is vital to discuss defenses right now, as it looks like we discovered HyTrack before the trackers did. Therefore, we should act now, both individually and as a community!
By: Malte Wessels | PhD Student, TU Braunschweig Presentation Materials Available at: https://ift.tt/MyNnHkr

source https://www.youtube.com/watch?v=ehVAlesTcO0

SecTor 2025 | DriveThru Hacking: Now with Delivery

In-car dash cameras (dashcams) are now standard in modern vehicles, often encouraged by insurers to support claims. But without strong security, they pose a serious privacy and attack risk. This talk introduces the latest iteration of DriveThru Hacking, targeting over two dozen dashcam models via an automated, vendor-agnostic tool that extracts footage, GPS data, and conversations in minutes. A new online service enables controlled testing via license-based red (attack) and blue (defense) modes. Blue deploys hardening and a lightweight IPS to block known threats. We will also explore SIM-enabled dashcams with 4G, where attackers escalate privileges from local access and establish outbound C2 beacons, turning mobile dashcams into roaming footholds. Unlike IoT devices locked to a home, these are exposed everywhere the vehicle goes. We will close with practical countermeasures for manufacturers, defenders, and regulators navigating an increasingly connected automotive world.
By: George Chen | Security Architect
Alina Tan | Co-founder, HE&T Security Labs
Chee Peng Tan | Lead Cybersecurity Analyst
Benjamin Cao | Incident Response Lead
Presentation Materials Available at: https://ift.tt/UaPzV7d

source https://www.youtube.com/watch?v=SiN8iC7TTaY

Tuesday, 14 April 2026

SecTor 2025 | Sharing Is Caring About an RCE Attack Chain on Quick Share

Quick Share (formerly Nearby Share) has allowed Android users to easily share files for four years now. A year ago, Google introduced a Windows version. Google's promotion of Quick Share for preinstallation on Windows, alongside the limited recent research, ignited our curiosity about its safety, leading to an investigation that uncovered more than we had imagined. We studied its Protobuf-based protocol using hooks, built tools to communicate with Quick Share devices, and a fuzzer that found non-exploitable crashes in the Windows app. We then diverted to search for logic vulnerabilities, and boy oh boy, we regretted we hadn't done it sooner. We found 10 vulnerabilities, in both Windows and Android, allowing us to remotely write files onto devices without approval, force the Windows app to crash in additional ways, redirect its traffic to our WiFi AP, traverse paths to the user's folder, and more. However, we were looking for the holy grail, an RCE. Thus, we returned to the drawing board, where we realized that the RCE was already in our possession in the form of a complex chain. In this talk, we'll introduce QuickShell, an RCE attack chain on Windows combining 5 of the 10 vulnerabilities in Quick Share. We'll provide an overview of Quick Share's protocol, present our fuzzer, the vulnerabilities found, a new HTTPS MITM technique, and finally, the RCE chain.
By: Or Yair | Security Researcher, SafeBreach Presentation Materials Available at: https://ift.tt/SyYzDsH

source https://www.youtube.com/watch?v=mafI9UoxL6A

SecTor 2025 | Leading Across the Generations

Each generation brings unique strengths, perspectives, and challenges. Leading a diverse, multigenerational team requires more than just understanding technology—it requires understanding people. The strategies that resonate with seasoned professionals likely differ from those that inspire the youngest members of your team. When you also consider the impact of technology and the pace of change brought about by that technology, interesting trends and patterns emerge. As leaders better understand those trends and patterns, they lead their teams to be much higher performing. The ultimate result is happier, more productive employees, higher retention and better recruiting possibilities. In this session, we'll explore why leadership is the foundation of every successful cybersecurity initiative. We'll also dive into the nuances of leading across generations, offering proven tactics to effectively manage, motivate, and unify your team. Discover how to harness the potential of every team
By: Randy Raw | CISO, Veterans United Home Loans Presentation Materials Available at: https://ift.tt/4dKi6VT

source https://www.youtube.com/watch?v=rc69Nnam6fI

SecTor 2025 | One Agent to Rule Them All: How One Malicious Agent Hijacks A2A System

As multi-agent architectures become increasingly essential to enterprise workflows, Google's A2A and Anthropic's MCP have been proposed as standard protocols for agent communication and integration. These protocols have become foundational for scaling AI agent technology, enabling the seamless integration of third-party agents, often available as open-source code, into existing systems. However, these protocols must also ensure system safety, and potential security risks must be carefully considered. In this presentation, we will highlight a key vulnerability in these protocols: integrating an outsourced agent card's text into the delegator agent's instructions introduces a backdoor for cyber security attacks. Our presentation will first explain the protocol design and its weaknesses. Then, we will show how malicious agents with hidden prompt injection can bypass current defenses and checks. We will also present a way to combine the user's trust in LLMs with LLM hallucinations to drive the user to install a malicious agent. Finally, we demonstrate how such malicious agents enable full system compromise, including DoS, sensitive data theft, phishing and lateral spread. All of those attacks are done without any detection and look to the user like normal behavior of the system.
By: Adar Peleg | Cyber Researcher, Technion
Stav Cohen | PhD Student, Technion
Shaked Adi | Student & Researcher, ATLAS - The Technion's AI Security Lab
Dvir Alsheich | Student & Researcher, ATLAS - The Technion's AI Security Lab
Rom Himelstein | Graduate Student & Supervisor, ATLAS - The Technion's AI Security Lab
Amit LeVi | Principal AI Security Researcher & Advisor, ATLAS - Technion Lab: AI Trust, Learning, Architecture, Security
Avi Mendelson | Head of the ATLAS Lab, Technion – Technical University
Presentation Materials Available at: https://ift.tt/SN8hlKe

source https://www.youtube.com/watch?v=X_Qb_EVDQx4

Friday, 10 April 2026

Black Hat USA 2025 | ReVault! Compromised by Your Secure SoC

We all love security, right? And when we trust a security component to safeguard our most valuable assets, such as passwords, key material and biometrics, we want to believe it's doing a good job at it. But what happens when this assumption is flawed, and the chip that was going to protect our assets turns against us? In this talk, we'll present the ReVault attack that targets an embedded chip found in millions of business laptops. We will demonstrate how a low-privilege user can fully compromise the chip, plunder its secrets, gain persistence on its application firmware and even hack Windows back. Are you ready for the heist?
By: Philippe Laulheret | Senior Vulnerability Researcher, Cisco Talos Full Session Details Available at: https://ift.tt/tXNJfoh

source https://www.youtube.com/watch?v=oGMa7BFzLK4

Black Hat USA 2025 | Watch Your (Lock)Step: Glitching into Automotive Processors

The firmware and secrets in automotive processors (such as in ECUs & co) are often protected using a variety of hardware security and safety features, such as read-out protection & co. One such feature is lockstep: each instruction is basically executed twice, which is commonly interpreted as a mitigation against hardware attacks such as fault injection. But how effective is it really? In this talk, we will look at glitching different lockstep processors using different fancy hardware hacking methods, and also demonstrate vulnerabilities allowing us to fully bypass the protection on certain processors, breaking their read-out protection and letting us read out firmware & secrets!
By: Thomas 'stacksmashing' Roth | Founder, hextree.io Full Session Details Available At: https://ift.tt/58BVc9j

source https://www.youtube.com/watch?v=wg9b6R9HvGg