For over twenty years, the University of Toronto's Citizen Lab has pioneered investigations into digital security and human rights—from exposing state cyber espionage to uncovering the global spread of mercenary spyware targeting journalists, activists, and human rights defenders. Drawing from my latest book, Chasing Shadows, I will recount how our mission to conduct "counter-intelligence for civil society" revealed surveillance around the inner circle of murdered Washington Post journalist Jamal Khashoggi and uncovered domestic espionage campaigns across Mexico, Spain, Hungary, Poland, Thailand, El Salvador, and most recently, Italy. As our small team disarmed cyber mercenaries and helped improve the digital security of billions, we, too, became targets—caught in the same sinister crosshairs as those we sought to protect. I will also look ahead to the future of our mission and the rising challenges of AI-enabled subversion, Dark PR, and advertising intelligence, and how the kind of public-interest research the Lab has championed is now under threat from a growing tide of despotism and authoritarianism.
By: Ron Deibert | Director, The Citizen Lab, Professor of Political Science, University of Toronto
https://ift.tt/yHF7MPC
source https://www.youtube.com/watch?v=QNJgYIpKWWE
The Cyber Stream
Latest News for Cyber Security & Technology
Tuesday, 26 May 2026
Monday, 25 May 2026
SecTor 2025 | The Good, the Bad, and the Ugly: Hacking 3 Cloud Providers with 1 Vulnerability
Join us for an inside look at how leading cloud providers architect their environments, and the anatomy of a container escape vulnerability in the wild. Our goal is to learn how to build stronger guardrails in the cloud by examining the flaws and misconfigurations we were able to exploit in each environment.
As AI workloads migrate to the cloud, Cloud Providers are rapidly evolving their GPU offerings. These multi-tenant environments are often built on the NVIDIA Container Toolkit, the industry-standard framework for running GPU-based containerized apps. In this talk, we will show you how a single vulnerability in this fundamental framework impacted the entire cloud ecosystem – and how each environment handled a brand-new 0-day vulnerability.
We'll walk through our discovery of a container escape vulnerability in this foundational layer of GPU infrastructure, and its real-life implications across 3 different cloud providers: Azure, DigitalOcean, and Replicate. Each case study began with a standard customer workload running our exploit – but the outcomes varied widely. One led to a minor impact; another led to lateral movement that triggered blue teamers; and one resulted in complete service takeover.
The differing outcomes didn't stem from the vulnerability itself; they stemmed from varying service architectures and security best practices. We'll analyze and contrast these implementations to demonstrate how a well-isolated environment can be resilient even against 0-day attacks!
By:
Hillai Ben-Sasson | Security Researcher, Wiz
Nir Ohfeld | Head of Vulnerability Research, Wiz
https://ift.tt/pXBaFGb
source https://www.youtube.com/watch?v=O49EgRnu4VU
SecTor 2025 | Security is Easier Before PCB Assembly: Easy Threat Modeling for Hardware
Most threat modeling ignores hardware — but hardware problems can be impossible to fix when products have left the factory. The industry has spent decades refining threat modeling processes so they're approachable, organized, and useful; however, most of this was done with software security in mind.
Three leading experts have performed a threat model of the OpenWRT One. We'll share our complete results, a case study threat modeling document, and our process. We chose it because it's open and attendees may be familiar with it, but also because the scenario mirrors real threat modeling: you don't have to reverse out all the details.
Whether we're dealing with IoT/OT devices, hardware security modules, multi-tenant cloud hardware, or specialized compute accelerators, we've seen when and how hardware-specific threats come into play. When is hardware in scope? When is it someone else's problem? When and how do we decide if it is just an acceptable risk?
We'll explain when, why and how your next model should consider hardware threats, even if you don't think you have hardware to worry about or you think it's out of scope. We'll call out a number of assumptions you should keep in mind and share the process for you to assess mixed hardware/software systems yourself.
Attendees will learn how to develop a better understanding of what hardware you're already working with, what can go wrong with it, and what you can do about it. Hopefully this, combined with a fully worked example of how that all comes together, will help you do a good job of incorporating hardware concerns into your threat model to make long term product security easier.
By:
Eric Evenchick | Co-Founder and Managing Partner, Tetrel Security
Joe FitzPatrick | Trainer and Researcher, SecuringHardware.com
Adam Shostack | President, Shostack + Associates
https://ift.tt/5vCmArq
source https://www.youtube.com/watch?v=W5p6zGpjdLY
Sunday, 24 May 2026
SecTor 2025 | Scaling the AppSec Program Without Scaling Security Headcount
The ability to scale application security programs, including vulnerability triage and remediation, with bots has been proven.
This session will apply a flavor of GenAI, enhanced with proprietary data accumulated through years of very large-scale security deliveries and focus on how to implement the bot(s), what scales can be achieved, and the cost savings and results.
By:
Mario Lauande Lacroix | Senior Security Manager, Accenture
Will Yeager | Security Consulting Manager, Accenture
https://ift.tt/ch3Am9y
source https://www.youtube.com/watch?v=QNPH4kh4dQY
SecTor 2025 | Invoking Gemini for Workspace Agents with Simple Google Calendar Invite
Over the past two years, we have witnessed the emergence of a new class of attacks against LLM-powered systems known as Promptware. Promptware refers to prompts (in the form of text, images, or audio samples) engineered to exploit LLMs at inference time to perform malicious activities within the application context. While a growing body of research has already warned about a potential shift in the threat landscape posed to applications, Promptware has often been perceived as impractical and exotic due to the presumption that crafting such prompts requires specialized expertise in adversarial machine learning, a cluster of GPUs, and white-box access.
This talk will shatter this misconception forever.
In this talk, we introduce a new variant of Promptware called Targeted Promptware Attacks. In these attacks, an attacker invites a victim to a Google Calendar meeting whose subject contains an indirect prompt injection. By doing so, the attacker hijacks the application context, invokes its integrated agents, and exploits their permission to perform malicious activities. We demonstrate 15 different exploitations of agent hijacking targeting the three most widely used Gemini for Workspace assistants: the web interface (www.gemini.google.com), the mobile application (Gemini for Mobile), and Google Assistant (which is powered by Gemini), which runs with OS permissions on Android devices.
We show that by sending a user an invitation for a meeting (or an email or sharing a Google Doc), attackers could hijack Gemini's agents and exploit their tools to: generate toxic content, perform spamming and phishing, delete a victim's calendar events, remotely control a victim's home appliances (connected windows, boiler, and lights), video stream a victim via Zoom, exfiltrate emails and calendar events, geolocate a victim, and launch a worm that targets Gemini for Workspace clients. Our demonstrations show that Promptware is capable of performing (1) inter-agent lateral movement (triggering malicious activity between different Gemini agents), and (2) inter-device lateral movement, escaping the boundaries of Gemini and leveraging applications installed on a victim's smartphone to perform malicious activities with physical outcomes (e.g., activating the boiler and lights or opening a window in a victim's apartment). Finally, we assess the risk posed to end users using a dedicated threat analysis and risk assessment framework we developed. Our findings indicate that 73% of the identified risks are classified as high-critical, requiring the deployment of immediate mitigations.
By:
Or Yair | Security Researcher, SafeBreach
Stav Cohen | PhD Student, Technion
Ben Nassi | Ramat Gan, Technion
https://ift.tt/YHvcmWX
source https://www.youtube.com/watch?v=KVUniT5H4Rk
Saturday, 23 May 2026
SecTor 2025 | Rethinking Phishing Detection in the Age of AI and Disinformation
Phishing is no longer just a technical problem; it is a cognitive one. Classifiers that rely on dynamic features such as sentiment, urgency, or message length are highly vulnerable to concept drift. Attackers adapt quickly, and with the help of large language models, they can now craft highly convincing phishing messages that evade traditional detection systems. Many of the signals we once relied on are no longer dependable because they also appear in legitimate communication.
In response, there is a growing shift toward static features, especially URL-based analysis. Elements like domain entropy or subdomain structure are harder for attackers to modify without breaking the link and tend to remain stable over time. However, static models often lack transparency. Why was the link flagged? What pattern triggered the detection? Without clear explanations, users are left in the dark and trust in the system erodes.
This Briefing explores how to move beyond surface-level detection. Drawing on recent research in adversarial machine learning, social engineering modeling, and cognitive psychology, we will present a classifier design that integrates manipulation scoring, concept drift monitoring, and explainability from the ground up. Attendees will gain insight into how phishing tactics evolve and how to design defenses that adapt to them while staying aligned with human behavior.
By:
Michel Hebert | Industry Research, Practice Lead, Info-Tech Research Group
https://ift.tt/eDCdFOz
source https://www.youtube.com/watch?v=nAbyzHJivfo
SecTor 2025 | Hackers Dropping Mid-Heist Selfies
Information stealer malware has become one of the most prolific and damaging threats in today's cybercrime landscape, siphoning off everything from browser-stored credentials to session tokens and other system secrets. In 2024 alone, we witnessed more than 30 million stealer logs traded on underground markets. Yet buried within these logs is an underexplored goldmine: screenshots captured at the precise moment of infection. Think of it as a thief taking a selfie mid-heist, unexpected but convenient for us, right? Surprisingly, these crime scene snapshots have been largely overlooked until now.
Leveraging infostealer infection screenshots and Large Language Models (LLMs), we propose a new approach to identify infection vectors, extract indicators of compromise (IoCs) and track infostealer campaigns at scale. Our approach found several hundred potential IoCs in the form of URLs leading to the download of the malware-laden payload. By applying this method to "fresh" stealer logs, we can detect and mitigate infection vectors almost instantaneously, reducing further infections. Our analysis uncovered distribution strategies, lure themes and social engineering techniques used by threat actors in successful infection campaigns. We will break down three distinct campaigns to illustrate the tactics they use to deliver malware and deceive victims: cracked versions of popular software, ads pointing to popular software and free AI image generators.
This presentation, with its live demonstration, shows how LLMs can be harnessed to extract IoCs at scale while addressing the challenges and costs of implementation. Attendees will walk away with a deeper understanding of the modern infostealer ecosystem and will want to apply LLMs to other illicit artifacts to extract actionable intelligence.
By:
Estelle Ruellan | Threat Intelligence Researcher, Flare
Olivier Bilodeau | Principal Security Researcher, Flare
https://ift.tt/ebiEhyQ
source https://www.youtube.com/watch?v=5nCXriBDwk8
Friday, 22 May 2026
SecTor 2025 | 5 Years of Attack Surface Analysis in Canada
Since 2019, the Hackfest community has led an ongoing initiative to analyze the public-facing attack surface of provincial governments in Quebec and Ontario, as well as federal and municipal systems. The objective: to objectively measure and report on the cybersecurity posture of our governments.
In this session, we will present the findings of our fourth large-scale assessment and offer a candid discussion on the current state of government cybersecurity in Canada. Our analysis includes attack surface metrics, exposed legacy systems, insecure web applications, and the accessibility of critical infrastructure from the public internet.
We will highlight basic security failures such as thousands of misconfigured HTTPS sites, 20-year-old legacy systems still in use, websites vulnerable to fundamental attacks like XSS and SQL injection, and more. These findings paint a clear picture: cybersecurity remains a low priority in the protection of citizens' data and critical infrastructures across multiple levels of government.
Join us for an evidence-based dive into what the data reveals — and where we must go from here.
By:
Patrick Roy | Information Security Advisor, CISSP,
Patrick Mathieu | Owner, Hackfest.ca & Product Security Leader, Hackfest
Capt(ret) Steve Waterhouse | CEO and Founder, INFOSECSW
https://ift.tt/EtdoKcy
source https://www.youtube.com/watch?v=XJsgBd3Hbes
SecTor 2025 | Exploiting Multi Agent Systems
Large language model agents don't just talk, they collaborate, delegate and act. That orchestration layer opens a new attack surface: multi-agent prompt injection. In this fast-paced SecTor session you'll watch a red team walkthrough that starts with harvesting hidden system prompts, then escalates through mirrored pattern injections that subvert individual agents, corrupt the planner, and co-opt tool calls. We'll dissect both direct and "second-hand" (indirect) attacks that propagate across agent boundaries, chaining seemingly innocuous instructions into a full mission-level takeover.
Defenders aren't powerless, but every control has a price. We map mitigations—from agent-scoped content sanitization to policy-enforced orchestrators and high-fidelity telemetry—against their engineering effort and real-world efficacy. You'll leave with a pragmatic checklist for building observability without violating user privacy, plus concrete design patterns to harden your own LLM ecosystems before attackers weaponize them for you.
By: Jeremy Richards | AI Red Team, ServiceNow
https://ift.tt/UxT0IGy
source https://www.youtube.com/watch?v=D4a8Udi2j-M
What It’s Like to Speak at Black Hat | Yaara Shriki, Threat Researcher at Wiz
Yaara Shriki, Threat Researcher at Wiz, shares her experience speaking at Black Hat, from pre-talk nerves to the excitement of presenting on one of cybersecurity’s biggest stages.
#BlackHatStories #BHEU #BlackHat #cybersecurity
source https://www.youtube.com/shorts/YWc1uwIizUk
Thursday, 21 May 2026
SecTor 2025 | Signature of Destruction: Outlook RCE Strikes Again
What if your Outlook signature could compromise your system?
Following up on last year's RCE Chaos, where we achieved remote code execution through the injection of malicious forms by abusing Exchange Outlook synchronization protocols, we're back with a new class of Outlook remote code execution vulnerabilities—this time, abusing signature roaming between cloud and desktop clients.
One compromised email account is all it takes to inject malicious signatures that auto-sync and execute on victims' machines—zero clicks, zero prompts.
We'll unveil three new RCE CVEs: CVE-2025-21357 & CVE-2025-47171 extending last year's form injection abuse and CVE-2025-47176 weaponizing the recently stabilized Outlook Roaming Signatures feature.
Expect live demos and a look into an overlooked attack surface that's been quietly sitting in your inbox for over a year. We'll also show how Exchange helps deliver the final payload—and why traditional detections will miss it.
This one's for reversers, red teamers, and defenders who thought they knew Outlook. You don't.
By:
Michael Gorelik | Chief Technology Officer, Morphisec
Arnold Osipov | Lead Researcher, Morphisec
https://ift.tt/6jotvV2
source https://www.youtube.com/watch?v=d0TfvpV1u-E