Why Black Hat is Essential for Academics | Black Hat Stories

In this episode of Black Hat Stories, David Oswald, Professor in Cyber Security at Durham University, shares why Black Hat is essential for academics at every level. With a background spanning research and real-world security challenges, David has attended Black Hat multiple times and sees it as a unique bridge between academia and industry. 🎥 Watch the full story: https://youtu.be/U6ZV6m4hOaQ?si=-OwHc4GmESCcBjO1 🎟️Join us at Black Hat USA: https://ift.tt/BMF9DUE... 🔗 Visit our site: https://blackhat.com/ 📧 Subscribe to our free newsletter: https://ift.tt/OsyPzAc #BlackHatStories #BlackHat #cybersecurity

source https://www.youtube.com/shorts/0S2gxRX1z9k

What Makes Black Hat Truly Shine | Black Hat Stories

Or Yair, Security Research Team Lead at SafeBreach highlights what makes Black Hat truly shine. By attending talks on topics he wouldn't normally explore, Or is able to gain insights that lead to faster breakthroughs and stronger research down the line. 🎥 Watch the full story: https://youtu.be/rNtuyrXPIc0?si=zgkZJsWfJQWImoM3 🔗 Visit our site: https://blackhat.com/ 📧 Subscribe to our free newsletter: https://ift.tt/OsyPzAc #BlackHatStories #BlackHat #cybersecurity

source https://www.youtube.com/shorts/U3SFc03bOHU

SecTor 2025 | AI, Deepfakes, and the Next Evolution of Digital Identity Verification

As AI accelerates the creation of hyper-realistic deepfakes, synthetic voices, and automated impersonation bots, the question isn't just can you verify someone's identity…it is can you prove they're human at all? This session dives into the rapidly expanding chasm between traditional identity verification methods (KYC, MFA, biometric scans) and the emerging threat landscape driven by generative AI. We'll explore how fraudsters are already bypassing outdated verification systems with low-cost AI tools. Enterprises, governments, and fintechs are rethinking how trust is established in digital interactions. You'll get a look at the front lines of AI-driven identity verification: from liveness detection and behavioural biometrics to AI-trained identity graphs, multi-modal authentication, and zero-knowledge proof frameworks. We'll compare leading-edge solutions, assess where verification technology is failing in high-stakes use cases (banking, healthcare, government portals), and explore what the future of "personhood-as-a-service" might look like. By: Christine Dewhurst | Partner, NSC Tech Shelly Jafry-Biggs | Senior Managing Director, 4M Group Presentation Materials Available at: https://ift.tt/EFq5jAN

source https://www.youtube.com/watch?v=bllWkSuFaU4

SecTor 2025 | Security and Safety Testing for Agentic AI

Agentic AI changes the game. If early generative AI systems represented a step change from classic software, agentic AI brings us into a new era. Today we are seeing the early deployment of autonomous and semi-autonomous systems that plan, act, and adapt in open-ended environments. These agents introduce new forms of error and new vectors of exploitation that blur the line between safety failures and security breaches. While major AI labs perform safety and security testing when releasing new models, this testing is often general-purpose and context-agnostic. It is not typically rooted in threat and risk modeling for specific domains or use cases. As a result, high-level claims about model safety and security rarely reflect the risks these systems may pose when embedded in real products and workflows. This talk focuses on the approach and tools needed for grounded, scalable testing. This starts with threat and risk modeling tied to how agentic systems are used in practice, followed by expert-guided use of two complementary tools: (1) an automated red teaming pipeline that spins up and adapts adversarial and exploratory tests using AI, and (2) DoomArena, an open-source security and safety testing framework for agentic AI that allows for the translation of granular threat and risk modeling into strong, grounded, automated testing. This talk is for security professionals and enterprise leaders confronting the challenge of understanding and controlling the security and safety risks of genAI systems. It offers a conceptual foundation and practical toolset for testing rigorously at the blurry, high-stakes boundary of security and safety. By: Jason Stanley | Head of AI Research Deployment, ServiceNow Presentation Materials Available at: https://ift.tt/J8eM5hp

source https://www.youtube.com/watch?v=tTp1uypVeCQ

SecTor 2025 | Quantifying Cyber Risk as a National Defense Imperative

Critical infrastructure organizations face unprecedented cyber threats that blur the lines between corporate security and national security. This session presents a quantitative framework that positions enterprise cyber resilience as a critical component of national defense. The presentation will demonstrate how risk quantification methodologies transform abstract cyber threats into concrete financial metrics, enabling organizations to make informed security investment decisions that protect both corporate interests and national security. Drawing from real-world case studies across energy, healthcare, and defense sectors, the session showcases techniques for identifying, measuring, and mitigating risks with cascading impacts beyond corporate boundaries. Attendees will gain practical tools for quantifying cyber risk in financial terms, communicating security priorities to executive stakeholders, and aligning security strategies with national resilience objectives. The session includes a live demonstration of risk quantification applied to critical infrastructure scenarios. By: Zachary Schmidt | CEO, Gluck IT, LLC. Kellman Meghu | Principal Security Architect, DeepCove Cybersecurity Chris Storey | President and Founder, Gluck IT, LLC. Presentation Materials Available at: https://ift.tt/elsq5EV

source https://www.youtube.com/watch?v=LSUyda9KwjM

SecTor 2025 | Foreign Information Manipulation and Interference (FIMI) (Disinformation 2.0)

Foreign Information Manipulation and Interference (FIMI) (Disinformation 2.0) - How Patterns of Behaviour in the Information Environment Threaten or Attack Organizations' Values, Procedures and Political Processes Over the past decade, foreign information manipulation and interference (FIMI) operations have grown in complexity and scope. More specifically, Russia and China have continuously invested resources into developing their hybrid warfare strategy. Hybrid warfare goes beyond physical confrontation. It can include the use of conventional forces but also other elements, such as FIMI operations, to shape the policy, geostrategic positions, public opinion, and capabilities of a target country. The speed, availability, and cohesion of tools and tactics employed by foreign malign actors have increased in recent years as the result of increasing global interconnectivity via social media and the internet at large, as well as technological advancements - such as rapid improvements in generative AI - that increasingly enable faster, better, and cheaper FIMI operations and tactics including deep fakes, and manipulated content including text, images, audio, and video. Additionally, these campaigns increasingly seek to destabilize the very foundations of target countries - undermining democratic principles through the targeting of elections, eroding public trust in institutions and local media, and exploiting social divisions to distract and subvert the target's efforts toward progress. The speaker will walk the audience through some case studies that highlight patterns that targeted both NATO as an organization as well as individual NATO member countries and how there is often a link between different tactics, techniques, and procedures (TTPs) - such as usage of proxies, usage of sock puppet accounts, and increasing usage of generative AI to support their activities. FIMI campaigns also frequently target specific demographics to influence decision-making processes in politics, economy, or societal affairs. The lessons the speaker will share will help any organization better prepare for these narrative attacks created by misinformation and disinformation. Although attribution is not always straightforward on social media, it often becomes obvious through narrative analysis and social network analysis that foreign actors and the ecosystems they cultivate online covertly try to influence international public opinion on a wide range of topics and issues by amplifying polarization and eroding democratic discourse. The World Economic Forum 2025 Global Risks Report recognizes misinformation and disinformation as the #1 global threat with technological, economic, environmental, social, and political impacts. By: Franky Saegerman | Retired NATO Presentation Materials Available at: https://ift.tt/9EClWwm

source https://www.youtube.com/watch?v=pjRwkjjhOOM

SecTor 2025 | Ghost SIM Attack: Hacking Mobile Network Authentication Policies

The authentication policy of a mobile operator dictates the frequency and conditions under which an authentication procedure is triggered on the subscriber following a set number of events. A lax or insufficiently robust authentication policy may allow an attacker to perform the Ghost SIM Attack, an attack that results in potential fraud, starting by extracting essential SIM card information. This presentation unveils a comprehensive overview of the experimental setup and methodology utilized to execute the Ghost SIM Attack, along with an in-depth analysis of the authentication policies implemented by various operators and technologies across multiple countries around the world. The results reveal that the Ghost SIM Attack is successful across all the selected technologies and operators, highlighting the weak authentication policies configured. Finally, some countermeasures are proposed for the attack while also addressing its limitations. By: Pedro Cabrera | Founder, Ethon Shield Miguel Gallego | Partner, Ethon Shield Presentation Materials Available at: https://ift.tt/Ac5JqPR

source https://www.youtube.com/watch?v=Cvm4F7yVcik

SecTor 2025 | CAN Bus for Car Nerds and Security People Who Should Know Better

In the world of custom car builds, knowing how to turn a wrench is only half the battle — the other half is figuring out why your 700hp engine swap won't talk to the dash, the AC won't work, and the wipers have developed a mind of their own. The answer, nine times out of ten? The CAN (Controller Area Network) bus. So why are we talking about this at SecTor? Because reverse-engineering CAN is shockingly familiar territory: wire-level protocols, undocumented messages, weird vendor quirks, and the occasional "why did they do it that way?" moment. Sound familiar? This session is a crash course in CAN for people who know what a packet sniffer is, even if they've never built a drift car. We'll cover: • What CAN bus is and how it works (without turning it into an EE lecture) • How to reverse-engineer vehicle signals with tools like SavvyCAN, cansniffer, and your favorite logic analyzer • Real-world hacks like tricking factory gauges into working with aftermarket ECUs • Making analog sensors speak fluent CAN • Getting digital clusters, body control modules, and even climate systems to play nice And when all else fails? We'll talk about workarounds, black-boxing, and why sometimes, the answer really is "just cut the wire." Whether you're doing an EV swap, dropping a Hellcat into a 1970s pickup, or just want to understand how thieves steal F-150s by hotwiring the headlight — this session is for you. Brian Bourne | Co-Founder, SecTor Presentation Materials Available at: https://ift.tt/XzqytBJ

source https://www.youtube.com/watch?v=n4Mbc0ljhqo

SecTor 2025 | Hacking Policy for the Public Good

What happens when a security professional tries to help a government fix its insecure software? In this talk, I'll share my story: from writing a secure coding policy and offering it to the Canadian government, lobbying elected officials, contacting agencies like CRA about their poor security practices—and being met with silence, deflection, or outright dismissal. I didn't stop there. I wrote public letters, went on podcasts, published on Risky Biz, and even got interviewed by CBC. But the institutions in charge of protecting our data? Either silence or "No comment, because security." This isn't just a rant—it's a roadmap. I'll show you the secure coding guideline I created (free to reuse), explain why governments need public-facing AppSec policies, and outline how we can push for secure-by-default practices as citizens, hackers, and builders. Because secure code isn't just for dev teams—it's for democracy, privacy, and public safety. Let's make it law. Let's make it public. By: Tanya Janca | CEO and Secure Coding Trainer, She Hacks Purple Consulting Presentation Materials Available at: https://ift.tt/oTsheWV

source https://www.youtube.com/watch?v=JDo_RfDKQCw

SecTor 2025 | Behind Closed Doors - Bypassing RFID Readers & Physical Access Controls

Join me to watch attacks on physical access control systems, showcased during multiple live demos alongside interesting stories from real-life physical Red Team assessments. As a Red Teamer, I did a lot of engagements requiring me to break into buildings protected by RFID-based Access Control Systems. Normally, I would start with access card cloning... but what if it's not an option? What are the other ways in which one could bypass these systems to bypass the security mechanisms of physical ACS? We will see: - How to intercept the communication between the reader and the controller that are using the Wiegand protocol, along with a demo of this attack; - How the reader can be weaponized to perform a downgrade attack, allowing for making a malicious clone of a card that otherwise would be hard to forge; - How the OSDP protocol works and what the security implications of using it are - What are the other ways to bypass the access control security mechanisms? I will also share some experience and stories from Red Team engagements to demonstrate how to try and use this knowledge in real life – possibly without getting caught. By: Julia Zduńczyk | IT Security Specialist, SecuRing Presentation Materials Available at: https://ift.tt/1ySxY4D

source https://www.youtube.com/watch?v=DcmOObS1Wgc

Black Hat Stories | Meet David Oswald, Cyber Security Professor at Durham University

Unlike traditional academic conferences, Black Hat offers practical, hands-on insights that bring fresh perspective to research and teaching. Hear David's perspective on how Black Hat connects theory with real-world application and why it's a must-attend for anyone in security and academia. 🎥 Watch the full story: https://youtu.be/U6ZV6m4hOaQ?si=-OwHc4GmESCcBjO1 🎟️Join us at Black Hat USA: https://ift.tt/on1QAcY... 🔗 Visit our site: https://blackhat.com/ 📧 Subscribe to our free newsletter: https://ift.tt/VqPeN51 #BlackHatStories #BlackHat #cybersecurity

source https://www.youtube.com/shorts/aE8dDZ2OveE