Black Hat USA 2025 | Evaluating Autonomous Vehicle Resilience

The Adversarial Scenario Fuzzer is an automated testing framework that evaluates autonomous vehicle resilience against potentially harmful teleoperation commands. While teleoperation can help resolve complex driving situations, incorrect or malicious commands pose safety risks. The fuzzer systematically generates challenging scenarios through simulation, including: - Malicious trajectory suggestions - Conflicting guidance signals - Environmental perturbations Using iterative optimization, the fuzzer creates increasingly impactful test cases while evaluating the vehicle's ability to reject unsafe commands. This approach helps validate the robustness of autonomous decision-making systems and ensures safety mechanisms can effectively handle adversarial inputs. By: Zhisheng Hu | Product Security Engineer, Zoox, Inc. Shanit Gupta | Director of Product Security, Zoox, Inc. Cooper de Nicola | Product Security Engineer, Zoox, Inc. Presentation Materials Available at: https://ift.tt/82oEYtq

source https://www.youtube.com/watch?v=kmPhJAz-5Rc

Black Hat USA 2025 | Windows Hell No for Business

Windows Hello is the flagship of Microsoft's passwordless strategy. It is used to authenticate users, not just at login but also in new features such as Personal Data Encryption, Administrator Protection, Passkeys, and Recall. Windows Hello allows a user to authenticate without a password but using a PIN or biometrics, a fingerprint or face recognition. Windows Hello for Business (WHfB) extends these capabilities in order to enable authentication using an Identity Provider like Entra ID or Active Directory. Also, Windows Hello can be configured to run in Enhanced Sign-in Security (ESS) mode. Using Virtual Based Security, this mode is supposed to isolate the identification procedure, preventing attacks even from administrators. This talk provides the most comprehensive overview of WHfB's internal mechanisms so far, discussing WHfB's big and little secrets, lifted by reverse engineering. We follow the journey of biometrics through the system, from capture to identification. This allows us to answer many questions: Where are biometric data stored? What is the role of the so-called indispensable TPM? What is ESS and what security does it really provide? What is transmitted to the Identity Provider when we have no password involved? Particular focus will be put on the internals of databases used for facial recognition. One might think that biometrics to identify a user would be secure, and potentially protected via the TPM, but this is not the case. In fact, it is quite the opposite! We will present a new attack that targets the storage subsystem of the biometric unit. We will show how the biometric templates are "encrypted" and how a local administrator can exchange biometric features in the database. This allows authentication as any user already enrolled in the targeted system, including the possibility to make a lateral movement by usurping a domain administrator. Smile, you are on camera, and you are authenticated as someone else. Finally, we will discuss possible remediations to use WHfB in a more secure context. By: Baptiste David | IT Security Specialist, ERNW Enno Rey Netzwerke GmbH Tillmann Oßwald | Security Researcher, ERNW Enno Rey Netzwerke GmbH Presentation Materials Available at: https://ift.tt/4PjbmfK

source https://www.youtube.com/watch?v=SkWZ5KcelD4

Black Hat USA 2025 | Use and Abuse of Personal Information -- Politics Edition

Over the past 5 years, we have employed active open-source intelligence (OSINT) techniques to test the question of how our personal information is used, shared, or otherwise abused. To do this, we created an automated collection framework with realistic fake identities used in one-time online transactions and then passively collect email, voicemail, and SMS responses from that event. The key highlight of this talk are the results from 2000+ fake identities signed up to the declared political candidates for the 2024 U.S. elections (U.S. House and Senate pre-primary candidates as of ~Oct 2023; presidential candidates added as announced), tracing how information was used (e.g., numbers and patterns of email, comparison of "hot" races to "in the bag" ones, geographical responses, sentiment analysis) or shared (e.g., routine sharing and overnight/unified shift in Democratic party support of Harris after Biden withdrawal). Additional trends are demonstrated for attempting to predict the outcomes of races based upon their messaging behaviors, coordinated intra-party responses to events, the post-election and post-inauguration phases, the lack of direct mailings, and other fun anecdotes like having one of our fake IDs traced back to us via IP inspection. We will strive to keep the discussion apolitical, as the focus is more about the data/trends and what our expectations should be for our personal privacy when providing our information to political candidates. As this talk builds on a prior Black Hat USA 2021 talk, we'll also discuss automation techniques for active OSINT frameworks and preliminary results for a fully integrated "interaction engine" that enables generative AI email responses with machine generated personalities, based on the "Big-5" psychometric factors. By: Alan Michaels | Northrop Grumman Sr. Faculty Fellow / Professor and Director, Spectrum Dominance, Virginia Tech National Security Institute Jared Byers | Research Associate, Virginia Tech National Security Institute Full Presentation Materials Available at: https://ift.tt/14FDvj5

source https://www.youtube.com/watch?v=Lf2k8QPEPqs

Black Hat USA 2025 | Smart Charging, Smarter Hackers: The Unseen Risks of ISO 15118

The rise of electric vehicles (EVs) is reshaping global mobility, paving the way for a cleaner, more sustainable future. But this shift is not without challenges. By 2040, more than 600 million EVs are expected to be on the roads, placing enormous pressure on our electricity grids. This could lead to instability and disruptions in the electricity supply, particularly during peak demand. To address this challenge, the International Organization for Standardization released 15118 - a standard that introduces technologies like smart charging and Vehicle-to-Grid communication. These innovations not only help reduce the pressure on the grid, but also promise to enhance the user experience of charging an EV, making it more intuitive and, more importantly, secure. That said, while resolving several critical cybersecurity issues, the standard also introduces new risks. This session will explore how ISO 15118 reshapes the threat landscape of EV charging. We will examine the cybersecurity implications of the standard, looking at the risks it mitigates, shifts, and creates. In fact, while ISO 15118 offers substantial improvements, we argue that the standard is not sufficient to fully secure the EV charging ecosystem. Using ISO 15118 as an example, we will demonstrate how standards and policies - even those that explicitly target cybersecurity - can inadvertently introduce new attack vectors, making them a double-edged sword. By: Salvatore Gariuolo | Senior Threat Researcher, Trend Micro Inc. Presentation Materials Available at: https://ift.tt/N3t72Hg

source https://www.youtube.com/watch?v=_furvigQmxk

Black Hat Asia 2026 Speaker Spotlight - Tal Be'ery

Tal Be'ery of Black Hat Asia Briefings - Your Number Is Up: When 3.5 Billion Strangers Can Exploit Your WhatsApp Devices

source https://www.youtube.com/watch?v=OPz7GJ5e6mw

Black Hat USA 2025 | HTTP/1.1 Must Die! The Desync Endgame

Some people think the days of critical HTTP request smuggling attacks on hardened targets have passed. Unfortunately, this is an illusion propped up by wafer-thin mitigations that collapse as soon as you apply a little creativity. As long as HTTP/1.1 lives, desync attacks will thrive. In this session, I'll introduce multiple new classes of desync attack, enabling mass compromise of user credentials across hundreds of targets, including tech giants, SaaS providers, US government systems, and almost every company using a certain CDN. Every technique has been honed for maximum impact with minimum effort, with an unplanned collaboration yielding over $200,000 in bug bounties in two weeks. I'll also share the research methodology and open-source toolkit that made this possible, replacing outdated, canned-exploit probes with focused analysis that reveals each target's unique weak spots. This strategy creates an avalanche of desync research leads, yielding results ranging from entire new attack classes, down to exotic implementation flaws that bleed server memory into attackers' welcoming arms. You'll witness attacks meticulously crafted from theoretical foundations alongside accidental exploits with a root cause so incomprehensible, the developers ended up even more confused than me. You'll leave this talk equipped with everything you need to join me in the desync research endgame: the mission to kill HTTP/1. By: James Kettle | Director of Research, PortSwigger Presentation Materials Available at: https://ift.tt/CxqeYvS

source https://www.youtube.com/watch?v=FJbuAyxTTWc

Black Hat USA 2025 | "Dead Pixel Detected" - A Security Assessment of Apple's Graphics Subsystem

As one of the most significant attack surfaces in Operating Systems, the graphics subsystem has always been a focus of the security community. Given the lack of source code and technical documentation, conducting a comprehensive security assessment of such subsystems, particularly their kernel-mode components, remains an arduous task. Let's consider the Apple Silicon platform as a reference. Upon examining the security advisories from the past year, it is clear that the number of kernel vulnerabilities has diverged from the theoretical error rate per ten thousand lines of binary code. In the meantime, the AI revolution is accelerating, and large language models are placing more stringent demands on platform security. As security researchers, it is our obligation to step forward and safeguard these critical infrastructures. This presentation will delve into the Apple's Intel-based GPU, Apple Graphics Accelerator (AGX GPU), IOMobileFrameBuffer (IOMFB) and Display Co-processor (DCP), from the perspectives of system architecture and implementation, reverse engineering and attack surface evaluation, fuzzing and vulnerability hunting. As part of the findings, this presentation will share with you more than a dozen kernel vulnerabilities, including CVE-2024-40854, CVE-2024-44197, CVE-2024-44199, CVE-2025-24111, CVE-2025-24257, CVE-2025-24273, etc. These brand new issues impact each of the components mentioned above. Through these case studies, you might gain a deeper understanding of the architecture design of Apple's graphics subsystem, as well as the security challenges emerging in the era of Apple Private Cloud Compute. By: Yu Wang | Co-founder and CEO, CyberServal Weiteng Chen | Researcher, Microsoft Research, Redmond Presentation Materials Available at: https://ift.tt/RuOxmbG

source https://www.youtube.com/watch?v=JYmh7gCoIFo

Black Hat USA 2025 | Peril at the Plug: Investigating EV Charger Security and Safety Failures

The past few years have seen a rapid increase in Level 2 EV charging equipment (EVSE) options for consumers. Along with choosing the right equipment, EV owners face installation decisions, such as hiring specialized installers or doing it themselves. However, many consumers are unaware of the cybersecurity risks inherent in all chargers. Vulnerability bounty programs have shown that even simple remote attacks can take full control of these devices. These challenges create an environment of safety risks that can endanger life and property. Our research examines the real-world consequences of compromised EVSE through the destructive testing of seven different products. We begin by reviewing common remote attacks found across various EV chargers and disclose several recently identified zero-day vulnerabilities. We then introduce a testing methodology simulating a worst-case scenario where a malicious actor bypasses safety mechanisms to cause maximum damage. The results include video footage of the tests, showcasing any destruction, collateral damage, and latent hazards. Lastly, we offer recommendations for enhancing safety through security best practices, hardware design, and implementation. Attendees will gain insight into the current state of EVSE security, how to assess EVSE safety mechanisms and the real-world dangers of using EVSE with safety features that can be bypassed via compromise. By: Jonathan Andersson | Sr. Manager Security Research, Trend Micro Thanos Kaliyanakis | Vulnerability Researcher, Trend Micro Full Session Details Available at: https://ift.tt/8B4w6Hz

source https://www.youtube.com/watch?v=4l6hsv8IlWE

Black Hat USA 2025 | Racing for Privilege

Racing for Privilege: Leaking Privileged Memory From Any Intel System Using a Microarchitectural Race Condition Enhanced Indirect Branch Restricted Speculation (eIBRS) is Intel's primary defense against Branch Target Injection-style (BTI) Spectre attacks. eIBRS prevents misuse of untrusted branch target predictions in higher privilege domains (i.e., kernel/hypervisor mode) by restricting predictions from other privilege domains other than the one they were created for. Since its inception in late 2018, eIBRS remains the best-suited BTI defense that all major operating systems and hypervisors rely on, and it has so far successfully prevented attackers from injecting arbitrary branch target predictions across privilege boundaries. However, our research finds that microarchitectural mitigations like eIBRS, much like software, are vulnerable to race conditions. Consequently, we will demonstrate an exploitation technique that allows attackers to inject branch target predictions not only into higher privilege domains, but also across prediction barriers (i.e., IBPB) meant to invalidate all such predictions. Tracing back the bug to its origin, we find that it has been present ever since the eIBRS was first introduced, meaning systems have been vulnerable for over 7 years! We will demonstrate that this issue is easy to exploit by building an arbitrary privileged memory read primitive, evaluated (5.6 kB/s) on an up-to-date Ubuntu 24.04 system with all default mitigations enabled. This attack shows how easily hardware mitigations can fall apart when integrated into a complex CPU design, and it gives us a reminder of how much trust the computer industry faithfully puts into hardware vendors' security claims. By: Sandro Rüegge | Security Researcher, ETH Zürich Johannes Wikner | CPU Therapist, PhD, ETH Zurich Presentation Materials Available at: https://ift.tt/0UQ7idh

source https://www.youtube.com/watch?v=ULXuhxj-WgA

Black Hat USA 2025 | Hackers Dropping Mid-Heist Selfies

Hackers Dropping Mid-Heist Selfies: LLM Identifies Information Stealer Infection Vector and Extracts IoCs Information stealer malware has become one of the most prolific and damaging threats in today's cybercrime landscape, siphoning off everything from browser-stored credentials to session tokens and other system secrets. In 2024 alone, we witnessed more than 30 million stealer logs traded on underground markets. Yet buried within these logs is an underexplored goldmine: screenshots captured at the precise moment of infection. Think of it as a thief taking a selfie mid-heist, unexpected but convenient for us, right? Surprisingly, these crime scene snapshots have been largely overlooked until now. Leveraging infostealer infection screenshots and Large Language Models (LLMs), we propose a new approach to identify infection vectors, extract indicators of compromise (IoCs) and track infostealer campaigns at scale. Our approach found several hundred potential IoCs in the form of URLs leading to the download of the malware-laden payload. By applying this method to "fresh" stealer logs, we can detect and mitigate infection vectors almost instantaneously, reducing further infections. Our analysis uncovered distribution strategies, lure themes and social engineering techniques used by threat actors in successful infection campaigns. We will break down three distinct campaigns to illustrate the tactics they use to deliver malware and deceive victims: cracked versions of popular software, ads pointing to popular software and free AI image generators. This presentation, with its live demonstration, shows how LLMs can be harnessed to extract IoCs at scale while addressing the challenges and costs of implementation. Attendees will walk away with a deeper understanding of the modern infostealer ecosystem and will want to apply LLM to other illicit artifacts to extract actionable intelligence. By: Estelle Ruellan | Threat Intelligence Researcher, Flare Olivier Bilodeau | Principal Security Researcher, Flare Presentation Materials Available at: https://ift.tt/1GYAekO

source https://www.youtube.com/watch?v=WQFIfORignI

Black Hat USA 2025 | Unix Underworld: Tales from the Dark Side of z/OS

You may have heard tales of mainframe pentesting and exploitation before - mostly from us! Those stories often focused on the MVS/ISPF side of the IBM z/OS. But did you know that all those same tricks (and more!) can be pulled off in z/OS Unix System Services (OMVS) as well? I bet you didn't even know z/OS had a UNIX side! Over the years, we've discovered multiple unique attack paths when it comes to Unix on the mainframe. In this talk, we'll present live demos of real-world scenarios we've encountered during mainframe penetration tests. These examples will showcase what can happen with poor file hygiene leading to database compromises, inadequate file permissions enabling privilege escalation, a lack of ESM resource understanding allowing for privileged command execution, and how dataset protection won't save you from these attacks. We'll also be demonstrating what can happen when we overflow the buffer in an APF authorized dataset. Attendees will learn how to test these controls themselves using freely available open-source tools and how to (partially) detect these attacks. While privesc in UNIX isn't game over for your mainframe, it's pretty close. By the end, it will be clear that simply granting superuser access to Unix can be just as dangerous, if not more so, than giving access to TSO on the mainframe. By: Philip Young | Director Mainframe Penetration Testing Services, NetSPI Chad Rikansrud | Software Security Researcher, Broadcom Presentation Materials Available at: https://ift.tt/DOXYWFE

source https://www.youtube.com/watch?v=3wQHhGxVTuo