BLACKHAT 2025 USA
Wednesday | 8:00am
Briefings Breakfast
Track
:
Location
: Michelob ULTRA Arena, Concourse Level
Wednesday | 9:00am
Keynote: Three Decades in Cybersecurity: Lessons Learned and What Comes Next
Speaker:
Mikko Hypponen
Track
: Keynote
Format
: 40-Minute Keynote
Location
: Michelob ULTRA Arena, Concourse Level
Wednesday | 10:20am
AppleStorm - Unmasking the Privacy Risks of Apple Intelligence
Speaker:
Yoav Magid
Tracks
: Privacy, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: South Pacific F, Level 0 - North Convention Center
BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets
Speaker:
Alon Leviev
,
Speaker:
Netanel Ben Simon
,
Contributor:
Yair Netzer
,
Contributor:
Amit Dori
Tracks
: Platform Security, Exploit Development & Vulnerability Discovery
Format
: 40-Minute Briefings
Location
: Mandalay Bay H, Level 2
Briefings Policy Track Meetup 1: Panel & Conversation with Senior Government Officials
Moderator:
Jason Healey
,
Moderator:
Dr. Amit Elazari
,
Panelist:
Michael Duffy
,
Panelist:
Rob Knake
,
Panelist:
Robert Costello
Track
: Policy
Format
: 40-Minute Briefings
Location
: Breakers B, Level 2
Dark Corners: How a Failed Patch Left VMware ESXi VM Escapes Open for Two Years
Speaker:
Yuhao Jiang
,
Contributor:
Xinlei Ying
,
Speaker:
Ziming Zhang
Tracks
: Exploit Development & Vulnerability Discovery, Cloud Security
Format
: 40-Minute Briefings
Location
: Jasmine A & E, Level 3
From Prompts to Pwns: Exploiting and Securing AI Agents
Speaker:
Rebecca Lynch
,
Speaker:
Rich Harang
Tracks
: AI, ML, & Data Science, Application Security: Offense
Format
: 40-Minute Briefings
Location
: Oceanside A, Level 2
Ghost Calls: Abusing Web Conferencing for Covert Command & Control
Speaker:
Adam Crosser
Tracks
: Network Security, Malware
Format
: 40-Minute Briefings
Location
: Islander F & G, Level 0 - North Convention Center
I'm in Your Logs Now, Deceiving Your Analysts and Blinding Your EDR
Speaker:
Olaf Hartong
Tracks
: Threat Hunting & Incident Response, Enterprise Security
Format
: 40-Minute Briefings
Location
: Islander E & I, Level 0 - North Convention Center
ReVault! Compromised by Your Secure SoC
Speaker:
Philippe Laulheret
Tracks
: Hardware / Embedded, Platform Security
Format
: 40-Minute Briefings
Location
: Oceanside C, Level 2
Watching the Watchers: Exploring and Testing Defenses of Anti-Cheat Systems
Speaker:
Marius Muench
,
Speaker:
Sam Collins
,
Speaker:
Tom Chothia
Tracks
: Defense & Resilience, Malware
Format
: 40-Minute Briefings
Location
: South Seas A & B, Level 3
When Guardrails Aren't Enough: Reinventing Agentic AI Security With Architectural Controls
Speaker:
David Brauchler III
Tracks
: Application Security: Defense, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: South Seas C & D, Level 3
Wednesday | 11:00am
Briefings Morning Refreshment Break
Track
:
Location
: Foyer Areas (Levels 0, 2 & 3)
Wednesday | 11:20am
A Worm in the Apple - Wormable Zero-Click RCE in AirPlay Impacts Billions of Apple and IoT Devices
Speaker:
Gal Elbaz
,
Speaker:
Avi Lumelsky
,
Speaker:
Uri Katz
Tracks
: Exploit Development & Vulnerability Discovery, Platform Security
Format
: 40-Minute Briefings
Location
: Islander E & I, Level 0 - North Convention Center
Back to the Future: Hacking and Securing Connection-based OAuth Architectures in Agentic AI and Integration Platforms
Speaker:
Kaixuan Luo
,
Contributor:
Xianbo Wang
,
Contributor:
Adonis Fung
,
Contributor:
Yanxiang Bi
,
Speaker:
Wing Cheong Lau
Tracks
: Application Security: Offense, Cloud Security
Format
: 40-Minute Briefings
Location
: South Seas A & B, Level 3
Breaking Chains: Hacking Android Key Attestation
Speaker:
Alex Gonzalez
Tracks
: Mobile, Exploit Development & Vulnerability Discovery
Format
: 40-Minute Briefings
Location
: South Pacific F, Level 0 - North Convention Center
Breaking Out of The AI Cage: Pwning AI Providers with NVIDIA Vulnerabilities
Speaker:
Andres Riancho
,
Speaker:
Hillai Ben-Sasson
,
Contributor:
Ronen Shustin
Tracks
: Cloud Security, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Mandalay Bay H, Level 2
Briefings AI Track Meetup
Moderator:
Nathan Hamiel
Track
: AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Breakers B, Level 2
Ghosts in the Machine Check - Conjuring Hardware Failures to Breach CPU Privilege Boundaries
Speaker:
Christopher Domas
Tracks
: Platform Security, Hardware / Embedded
Format
: 40-Minute Briefings
Location
: Oceanside A, Level 2
No Hoodies Here: Organized Crime in AdTech
Speaker:
Renée Burton
,
Speaker:
Dave Mitchell
,
Contributor:
Christopher Kim
Tracks
: Threat Hunting & Incident Response, Enterprise Security
Format
: 40-Minute Briefings
Location
: Islander F & G, Level 0 - North Convention Center
Unix Underworld: Tales from the Dark Side of z/OS
Speaker:
Philip Young
,
Speaker:
Chad Rikansrud
Tracks
: Platform Security, Exploit Development & Vulnerability Discovery
Format
: 40-Minute Briefings
Location
: Jasmine A & E, Level 3
When 'Changed Files' Changed Everything: Uncovering and Responding to the tj-actions Supply Chain Breach
Speaker:
Varun Sharma
,
Speaker:
Ashish Kurmi
Tracks
: Malware, Threat Hunting & Incident Response
Format
: 40-Minute Briefings
Location
: Oceanside C, Level 2
Windows Hell No for Business
Speaker:
Baptiste David
,
Speaker:
Tillmann Oßwald
Tracks
: Enterprise Security, Reverse Engineering
Format
: 40-Minute Briefings
Location
: South Seas C & D, Level 3
Wednesday | 12:00pm
Briefings Lunch
Track
:
Location
: Bayside D & E, Level 1
Wednesday | 12:15pm
Main Stage: IS YOUR CTEM MONEY-MINDED? Unveiling A New Approach to Cyber Risk Management: Moving from Attack Surface Management to Risk Surface Management
Sponsor Speaker:
Richard Seiersen
Track
: Main Stage
Format
: 25-Minute Main Stage
Location
: Oceanside A, Level 2
Wednesday | 12:50pm
Main Stage: Proof, Not Promises: Redefining Cybersecurity for the Defense Industrial Base
Sponsor Speaker:
Snehal Antani
,
Sponsor Speaker:
Bailey Bickley
Track
: Main Stage
Format
: 25-Minute Main Stage
Location
: Oceanside A, Level 2
Wednesday | 1:30pm
"Dead Pixel Detected" - A Security Assessment of Apple's Graphics Subsystem
Speaker:
Yu Wang
,
Speaker:
Weiteng Chen
Tracks
: Reverse Engineering, Platform Security
Format
: 40-Minute Briefings
Location
: South Pacific F, Level 0 - North Convention Center
Cybersecurity, AI, and Our Brains. A Fireside Chat with Cognitive Scientist and AI Expert Gary Marcus
Speaker:
Gary Marcus
,
Moderator:
Nathan Hamiel
Track
: AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Mandalay Bay H, Level 2
Death by Noise: Abusing Alert Fatigue to Bypass the SOC (EDR Edition)
Speaker:
Rex Guo
,
Speaker:
Khang Nguyen
Tracks
: Threat Hunting & Incident Response, Enterprise Security
Format
: 40-Minute Briefings
Location
: South Seas C & D, Level 3
ECS-cape – Hijacking IAM Privileges in Amazon ECS
Speaker:
Naor Haziz
Tracks
: Cloud Security, Network Security
Format
: 40-Minute Briefings
Location
: Jasmine A & E, Level 3
From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion
Speaker:
Shu-Hao Tung
Tracks
: Network Security, Enterprise Security
Format
: 40-Minute Briefings
Location
: South Seas A & B, Level 3
Keynote: Chasing Shadows: Chronicles of Counter-Intelligence from the Citizen Lab
Speaker:
Ron Deibert
Track
: Keynote
Format
: 40-Minute Keynote
Location
: Oceanside A, Level 2
Out Of Control: How KCFG and KCET Redefine Control Flow Integrity in the Windows Kernel
Speaker:
Connor McGarr
Tracks
: Defense & Resilience, Exploit Development & Vulnerability Discovery
Format
: 40-Minute Briefings
Location
: Islander E & I, Level 0 - North Convention Center
Shade BIOS: Unleashing the Full Stealth of UEFI Malware
Speaker:
Kazuki Matsuo
Tracks
: Malware, Platform Security
Format
: 40-Minute Briefings
Location
: Oceanside C, Level 2
Tracking the Tractors: Analyzing Smart Farming Automation Systems for Fun and Profit
Speaker:
Felix Eberstaller
,
Speaker:
Bernhard Rader
,
Contributor:
Sebastian Ranftl
Tracks
: Cyber-Physical Systems & IoT, Hardware / Embedded
Format
: 40-Minute Briefings
Location
: Islander F & G, Level 0 - North Convention Center
Wednesday | 2:30pm
Adversarial Fuzzer for Teleoperation Commands: Evaluating Autonomous Vehicle Resilience
Speaker:
Zhisheng Hu
,
Speaker:
Shanit Gupta
,
Contributor:
Cooper de Nicola
Tracks
: Defense & Resilience, Cyber-Physical Systems & IoT
Format
: 30-Minute Briefings
Location
: Islander E & I, Level 0 - North Convention Center
Azure's Weakest Link? How API Connections Spill Secrets
Speaker:
Haakon Gulbrandsrud
Tracks
: Cloud Security, Exploit Development & Vulnerability Discovery
Format
: 30-Minute Briefings
Location
: South Pacific F, Level 0 - North Convention Center
Burning, Trashing, Spacecraft Crashing: A Collection of Vulnerabilities That Will End Your Space Mission
Speaker:
Andrzej Olchawa
,
Speaker:
Milenko Starcik
,
Contributor:
Ricardo Fradique
,
Contributor:
Ayman Boulaich
Tracks
: Exploit Development & Vulnerability Discovery, Application Security: Offense
Format
: 30-Minute Briefings
Location
: Mandalay Bay H, Level 2
Digital Dominoes: Scanning the Internet to Expose Systemic Cyber Risk
Speaker:
Morgan Hervé-Mignucci
Tracks
: Policy, Enterprise Security
Format
: 30-Minute Briefings
Location
: South Seas A & B, Level 3
LLMDYara: LLMs-Driven Automated YARA Rules Generation with Explainable File Features and DNAHash
Speaker:
Xiaochen Wang
,
Speaker:
Yiping Liu
,
Contributor:
Xiaoman Wang
,
Contributor:
Cong Cheng
Tracks
: Malware, AI, ML, & Data Science
Format
: 30-Minute Briefings
Location
: Jasmine A & E, Level 3
Pwning User Phishing Training Through Scientific Lure Crafting
Speaker:
Christian Dameff
,
Speaker:
Ariana Mirian
Track
: Human Factors
Format
: 30-Minute Briefings
Location
: Islander F & G, Level 0 - North Convention Center
Thinking Outside the Sink: How Tree-of-AST Redefines the Boundaries of Dataflow Analysis
Speaker:
Sasha Zyuzin
,
Speaker:
Ruikai Peng
Tracks
: AI, ML, & Data Science, Application Security: Defense
Format
: 30-Minute Briefings
Location
: Oceanside C, Level 2
Turning Camera Surveillance on its Axis
Speaker:
Noam Moshe
Tracks
: Cyber-Physical Systems & IoT, Exploit Development & Vulnerability Discovery
Format
: 30-Minute Briefings
Location
: Oceanside A, Level 2
Vaulted Severance: Your Secrets Are Now Outies
Speaker:
Shahar Tal
,
Speaker:
Yarden Porat
Tracks
: Enterprise Security, Reverse Engineering
Format
: 30-Minute Briefings
Location
: South Seas C & D, Level 3
Wednesday | 3:00pm
Briefings Afternoon Refreshment Break
Track
:
Location
: Foyer Areas, Levels 0 2 & 3
Wednesday | 3:20pm
Amplify and Annihilate: Discovering and Exploiting Vulnerable Tunnelling Hosts
Speaker:
Angelos Beitis
,
Speaker:
Mathy Vanhoef
Track
: Network Security
Format
: 40-Minute Briefings
Location
: South Pacific F, Level 0 - North Convention Center
Autonomous Timeline Analysis and Threat Hunting: An AI Agent for Timesketch
Speaker:
Alex Kantchelian
,
Speaker:
Maarten van Dantzig
,
Contributor:
Diana Kramer
Tracks
: Threat Hunting & Incident Response, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Mandalay Bay H, Level 2
Booting into Breaches: Hunting Windows SecureBoot's Remote Attack Surfaces
Speaker:
Jietao Yang
Tracks
: Exploit Development & Vulnerability Discovery, Platform Security
Format
: 40-Minute Briefings
Location
: Islander E & I, Level 0 - North Convention Center
Bypassing PQC Signature Verification with Fault Injection: Dilithium, XMSS, SPHINCS+
Speaker:
Fikret Garipay
Tracks
: Cryptography, Hardware / Embedded
Format
: 40-Minute Briefings
Location
: Islander F & G, Level 0 - North Convention Center
Hackers Dropping Mid-Heist Selfies: LLM Identifies Information Stealer Infection Vector and Extracts IoCs
Speaker:
Estelle Ruellan
,
Speaker:
Olivier Bilodeau
Tracks
: Malware, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Oceanside C, Level 2
HTTP/1.1 Must Die! The Desync Endgame
Speaker:
James Kettle
Tracks
: Application Security: Offense, Application Security: Defense
Format
: 40-Minute Briefings
Location
: Oceanside A, Level 2
The 5G Titanic
Speaker:
Altaf Shaik
,
Contributor:
Robert Jaschek
Tracks
: Mobile, Network Security
Format
: 40-Minute Briefings
Location
: Jasmine A & E, Level 3
Universal and Context-Independent Triggers for Precise Control of LLM Outputs
Speaker:
Jiashuo Liang
,
Contributor:
Guancheng Li
Track
: AI, ML, & Data Science
Format
: 30-Minute Briefings
Location
: South Seas A & B, Level 3
Use and Abuse of Personal Information -- Politics Edition
Speaker:
Alan Michaels
,
Speaker:
Jared Byers
Tracks
: Privacy, Policy
Format
: 40-Minute Briefings
Location
: South Seas C & D, Level 3
Wednesday | 4:20pm
Advanced Active Directory to Entra ID Lateral Movement Techniques
Speaker:
Dirk-jan Mollema
Tracks
: Cloud Security, Enterprise Security
Format
: 40-Minute Briefings
Location
: South Seas A & B, Level 3
AI Enterprise Compromise - 0click Exploit Methods
Speaker:
Michael Bargury
,
Speaker:
Tamir Ishay Sharbat
Tracks
: Defense & Resilience, Enterprise Security
Format
: 40-Minute Briefings
Location
: Oceanside C, Level 2
Derandomizing the Location of Security-Critical Kernel Objects in the Linux Kernel
Speaker:
Lukas Maar
,
Speaker:
Lukas Giner
Tracks
: Exploit Development & Vulnerability Discovery, Cloud Security
Format
: 30-Minute Briefings
Location
: South Pacific F, Level 0 - North Convention Center
Firewalls Under Fire: China's 5+ Year Campaign to Penetrate Perimeter Network Defenses
Speaker:
Andrew Brandt
Tracks
: Threat Hunting & Incident Response, Enterprise Security
Format
: 40-Minute Briefings
Location
: Mandalay Bay H, Level 2
Hacking the Status Quo: Tales From Leading Women in Cybersecurity
Panelist:
Valentina Palmiotti
,
Panelist:
Kymberlee Price
,
Panelist:
Chi-en (Ashley) Shen
,
Panelist:
Natalie Silvanovich
,
Moderator:
Vandana Verma
Track
: Leadership
Format
: 40-Minute Briefings
Location
: South Seas C & D, Level 3
Invitation Is All You Need! Invoking Gemini for Workspace Agents with a Simple Google Calendar Invite
Speaker:
Ben Nassi
,
Speaker:
Or Yair
,
Speaker:
Stav Cohen
Track
: AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Oceanside A, Level 2
Leveraging Jamf for Red Teaming in Enterprise Environments
Speaker:
Lance Cain
,
Speaker:
Daniel Mayer
Track
: Enterprise Security
Format
: 40-Minute Briefings
Location
: Islander E & I, Level 0 - North Convention Center
Not Sealed: Practical Attacks on Nostr, a Decentralized Censorship-Resistant Protocol
Speaker:
Hayato Kimura
,
Contributor:
Ryoma Ito
,
Contributor:
Kazuhiko Minematsu
,
Contributor:
Shogo Shiraki
,
Contributor:
Takanori Isobe
Tracks
: Cryptography, Application Security: Offense
Format
: 40-Minute Briefings
Location
: Islander F & G, Level 0 - North Convention Center
Smashing Model Scanners: Advanced Bypass Techniques and a Novel Detection Approach
Speaker:
Itay Ravia
Tracks
: Application Security: Defense, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Jasmine A & E, Level 3
Thursday | 8:00am
Briefings Breakfast
Track
:
Location
: Michelob ULTRA Arena, Concourse Level
Thursday | 9:00am
Keynote: The New Frontline: Cyber on the Precipice
Speaker:
Nicole Perlroth
Track
: Keynote
Format
: 60-Minute Keynote
Location
: Michelob ULTRA Arena, Concourse Level
Thursday | 10:20am
Briefings Policy Track Meetup 2: Panel & Conversation with Senior Policy Makers
Moderator:
Jason Healey
Track
: Policy
Format
: 40-Minute Briefings
Location
: Breakers B, Level 2
Diving into Windows HTTP: Unveiling Hidden Preauth Vulnerabilities in Windows HTTP Services (PRE-RECORDED)
Speaker:
Qibo Shi
,
Speaker:
Victor V
,
Contributor:
Wei Xiao
,
Contributor:
Zhiniang Peng
Tracks
: Network Security, Exploit Development & Vulnerability Discovery
Format
: 40-Minute Briefings
Location
: Jasmine A & E, Level 3
Evil Digital Twin, Too: The First 30 Months of Psychological Manipulation of Humans by AI
Speaker:
Ben D. Sawyer
,
Speaker:
Matthew Canham
Tracks
: Human Factors, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: South Seas A & B, Level 3
FACADE: High-Precision Insider Threat Detection Using Contrastive Learning
Speaker:
Alex Kantchelian
,
Speaker:
Elie Bursztein
,
Contributor:
Birkett Huber
,
Contributor:
Casper Neo
,
Contributor:
Sadegh Momeni
,
Contributor:
Yanis Pavlidis
,
Contributor:
Ryan Stevens
Tracks
: Enterprise Security, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Oceanside A, Level 2
Hack to the Future: Owning AI-Powered Tools with Old School Vulns
Speaker:
Nathan Hamiel
,
Speaker:
Nils Amiet
Tracks
: Application Security: Offense, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Mandalay Bay H, Level 2
Kernel-Enforced DNS Exfiltration Security: Framework Built for Cloud Environments to Stop Data Breaches via DNS at Scale
Speaker:
Vedang Parasnis
Tracks
: Cloud Security, Enterprise Security
Format
: 40-Minute Briefings
Location
: Islander F & G, Level 0 - North Convention Center
Keynote: Threat Modeling and Constitutional Law
Speaker:
Jennifer Granick
Track
: Keynote
Format
: 40-Minute Keynote
Location
: Oceanside D, Level 2
Lost in Translation: Exploiting Unicode Normalization
Speaker:
Ryan Barnett
,
Speaker:
Isabella Barnett
Tracks
: Application Security: Defense, Application Security: Offense
Format
: 40-Minute Briefings
Location
: Islander E & I, Level 0 - North Convention Center
No VPN Needed? Cryptographic Attacks Against the OPC UA Protocol
Speaker:
Tom Tervoort
Tracks
: Cryptography, Cyber-Physical Systems & IoT
Format
: 40-Minute Briefings
Location
: Oceanside C, Level 2
Peril at the Plug: Investigating EV Charger Security and Safety Failures
Speaker:
Jonathan Andersson
,
Speaker:
Thanos Kaliyanakis
Tracks
: Cyber-Physical Systems & IoT, Hardware / Embedded
Format
: 40-Minute Briefings
Location
: South Seas C & D, Level 3
XUnprotect: Reverse Engineering macOS XProtect Remediator
Speaker:
Koh Nakagawa
Tracks
: Reverse Engineering, Malware
Format
: 40-Minute Briefings
Location
: South Pacific F, Level 0 - North Convention Center
Thursday | 11:00am
Briefings Morning Refreshment Break
Track
:
Location
: Foyer Areas, Levels 0 2 & 3
Thursday | 11:20am
AI Agents for Offsec with Zero False Positives
Speaker:
Brendan Dolan-Gavitt
Track
: AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: South Pacific F, Level 0 - North Convention Center
Clustered Points of Failure - Attacking Windows Server Failover Clusters
Speaker:
Garrett Foster
Track
: Enterprise Security
Format
: 40-Minute Briefings
Location
: Oceanside C, Level 2
Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Applications
Speaker:
Fengyu Liu
,
Speaker:
YouKun Shi
,
Contributor:
Tian Chen
,
Contributor:
Bocheng Xiang
,
Contributor:
Junyao He
,
Contributor:
Qi Li
,
Contributor:
Guangliang Yang
,
Contributor:
Yuan Zhang
,
Contributor:
Min Yang
Tracks
: Application Security: Offense, Exploit Development & Vulnerability Discovery
Format
: 30-Minute Briefings
Location
: Jasmine A & E, Level 3
E-Trojans: Ransomware, Tracking, DoS, and Data Leaks on Xiaomi Electric Scooters
Speaker:
Marco Casagrande
,
Speaker:
Daniele Antonioli
Tracks
: Cyber-Physical Systems & IoT, Hardware / Embedded
Format
: 40-Minute Briefings
Location
: South Seas C & D, Level 3
How to Secure Unique Ecosystem Shipping 1 Billion+ Cores?
Speaker:
Adam Zabrocki
,
Speaker:
Marko Mitic
Tracks
: Hardware / Embedded, Platform Security
Format
: 40-Minute Briefings
Location
: Oceanside A, Level 2
If Google Uses It to Find Webpages, We Can Use It to Find Fraudsters: TF-IDF for Real-Time Fraud Detection
Speaker:
David Mahdi
,
Speaker:
Ido Rozen
Tracks
: Threat Hunting & Incident Response, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Islander E & I, Level 0 - North Convention Center
Protecting Small Organizations in the Era of AI Bots
Speaker:
Rama Hoetzlein
Tracks
: Defense & Resilience, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Islander F & G, Level 0 - North Convention Center
Uncovering 'NASty' 5G Baseband Vulnerabilities through Dependency-Aware Fuzzing
Speaker:
Ali Ranjbar
,
Speaker:
Tianchang Yang
,
Contributor:
Kai Tu
,
Contributor:
Saaman Khalilollahi
,
Contributor:
Kanika Gupta
,
Contributor:
Syed Rafiul Hussain
Tracks
: Mobile, Hardware / Embedded
Format
: 40-Minute Briefings
Location
: Mandalay Bay H, Level 2
Your Traffic Doesn't Lie: Unmasking Supply Chain Attacks via Application Behaviour
Speaker:
Colin Estep
,
Speaker:
Dagmawi Mulugeta
Tracks
: Application Security: Defense, Threat Hunting & Incident Response
Format
: 40-Minute Briefings
Location
: South Seas A & B, Level 3
Thursday | 12:00pm
Briefings Lunch
Track
:
Location
: Bayside D & E, Level 1
Thursday | 12:15pm
Main Stage: Unmasking Cyber Villains: How Microsoft Stays Ahead of the World's Most Dangerous Hackers
Sponsor Speaker:
Aarti Borkar
,
Sponsor Speaker:
Andrew Rapp
,
Speaker:
Simeon Kakpovi
,
Sponsor Speaker:
Sherrod DeGrippo
Track
: Main Stage
Format
: 25-Minute Main Stage
Location
: Oceanside A, Level 2
Thursday | 12:50pm
Main Stage: Beyond the Limits: Transforming the SOC to Tackle Modern Challenges
Speaker:
Peter Prizio
Track
: Main Stage
Format
: 25-Minute Main Stage
Location
: Oceanside A, Level 2
Thursday | 1:30pm
2 Cops 2 Broadcasting: TETRA End-To-End Under Scrutiny
Speaker:
Carlo Meijer
,
Speaker:
Wouter Bokslag
,
Speaker:
Jos Wetzels
Tracks
: Cryptography, Hardware / Embedded
Format
: 40-Minute Briefings
Location
: South Pacific F, Level 0 - North Convention Center
Anomaly Detection Betrayed Us, so We Gave It a New Job: Enhancing Command Line Classification with Benign Anomalous Data
Speaker:
Ben Gelman
,
Speaker:
Sean Bergeron
Track
: AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Oceanside C, Level 2
Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
Speaker:
Vaisha Bernard
Tracks
: Cloud Security, Exploit Development & Vulnerability Discovery
Format
: 40-Minute Briefings
Location
: South Seas A & B, Level 3
Decoding Signal: Understanding the Real Privacy Guarantees of E2EE
Speaker:
Ibrahim El-sayed
Tracks
: Application Security: Offense, Cryptography
Format
: 40-Minute Briefings
Location
: South Seas C & D, Level 3
Keynote: From Slide Rules to GenAi - Musings of a Graybeard Public Servant on What's Changing, What's Not, and What Should
Speaker:
Chris Inglis
Track
: Keynote
Format
: 60-Minute Keynote
Location
: Oceanside A, Level 2
Lost & Found: The Hidden Risks of Account Recovery in a Passwordless Future
Speaker:
Sid Rao
,
Speaker:
Gabriela Sonkeri
,
Contributor:
Amel Bourdoucen
,
Contributor:
Janne Lindqvist
Tracks
: Human Factors, Policy
Format
: 40-Minute Briefings
Location
: Islander F & G, Level 0 - North Convention Center
More Flows, More Bugs: Empowering SAST with LLMs and Customized DFA
Speaker:
Yuan Luo
,
Speaker:
Zhaojun Chen
,
Contributor:
Yi Sun
,
Contributor:
Rhettxie Rhettxie
Tracks
: Application Security: Defense, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Jasmine A & E, Level 3
Training Specialist Models: Automating Malware Development
Speaker:
Kyle Avery
Tracks
: Malware, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Islander E & I, Level 0 - North Convention Center
Turning the Tables on GlobalProtect: Use and Abuse of Palo Alto's Remote Access Solution
Speaker:
Alex Bourla
,
Contributor:
Graham Brereton
Tracks
: Enterprise Security, Network Security
Format
: 40-Minute Briefings
Location
: Mandalay Bay H, Level 2
Thursday | 2:30pm
BinWhisper: LLM-Driven Reasoning for Automated Vulnerability Discovery Behind Hall-of-Fame
Speaker:
Qinrun Dai
,
Speaker:
Yifei Xie
Tracks
: Exploit Development & Vulnerability Discovery, AI, ML, & Data Science
Format
: 30-Minute Briefings
Location
: Islander F & G, Level 0 - North Convention Center
Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange
Speaker:
Pinji Chen
,
Contributor:
Jianjun Chen
,
Contributor:
Qi Wang
,
Contributor:
Mingming Zhang
,
Contributor:
Haixin Duan
Tracks
: Application Security: Offense, Network Security
Format
: 30-Minute Briefings
Location
: Jasmine A & E, Level 3
Exploiting DNS for Stealthy User Tracking
Speaker:
Bela Genge
,
Speaker:
Ioan Padurean
,
Contributor:
Dan Macovei
Tracks
: Privacy, Network Security
Format
: 30-Minute Briefings
Location
: South Pacific F, Level 0 - North Convention Center
Let LLM Learn: When Your Static Analyzer Actually 'Gets It'
Speaker:
Zong Cao
,
Contributor:
Zhengzi Xu
,
Contributor:
Yeqi Fu
,
Contributor:
Yuqiang Sun
,
Contributor:
Kaixuan Li
,
Contributor:
Yang Liu
Tracks
: AI, ML, & Data Science, Application Security: Offense
Format
: 30-Minute Briefings
Location
: Oceanside C, Level 2
Open RAN, Open Risk: Uncovering Threats and Exposing Vulnerabilities in Next-Gen Cellular RAN
Speaker:
Tianchang Yang
,
Speaker:
Kai Tu
,
Contributor:
Syed Md Mukit Rashid
,
Contributor:
Ali Ranjbar
,
Contributor:
Gang Tan
,
Contributor:
Syed Rafiul Hussain
Track
: Mobile
Format
: 30-Minute Briefings
Location
: South Seas A & B, Level 3
Racing for Privilege: Leaking Privileged Memory From Any Intel System Using a Microarchitectural Race Condition
Speaker:
Sandro Rüegge
,
Speaker:
Johannes Wikner
Tracks
: Platform Security, Exploit Development & Vulnerability Discovery
Format
: 30-Minute Briefings
Location
: Mandalay Bay H, Level 2
Smart Charging, Smarter Hackers: The Unseen Risks of ISO 15118
Speaker:
Salvatore Gariuolo
Tracks
: Policy, Cyber-Physical Systems & IoT
Format
: 30-Minute Briefings
Location
: South Seas C & D, Level 3
Vulnerability Haruspicy: Picking Out Risk Signals from Scoring System Entrails
Speaker:
Tod Beardsley
Tracks
: Policy, Threat Hunting & Incident Response
Format
: 30-Minute Briefings
Location
: Islander E & I, Level 0 - North Convention Center
Watch Your (Lock)Step: Glitching into Automotive Processors
Speaker:
Thomas 'stacksmashing' Roth
Tracks
: Hardware / Embedded, Cyber-Physical Systems & IoT
Format
: 30-Minute Briefings
Location
: Oceanside A, Level 2
Thursday | 3:00pm
Briefings Afternoon Refreshment Break
Track
:
Location
: Foyer Areas, Levels 0 2 & 3
Thursday | 3:20pm
Behind the Screen: Unmasking North Korean IT Workers' Operations and Infrastructure
Speaker:
SttyK SttyK
Tracks
: Threat Hunting & Incident Response, Enterprise Security
Format
: 40-Minute Briefings
Location
: South Pacific F, Level 0 - North Convention Center
Coroutine Frame-Oriented Programming: Breaking Control Flow Integrity by Abusing Modern C++
Speaker:
Marcos Bajo
,
Contributor:
Christian Rossow
Tracks
: Application Security: Offense, Exploit Development & Vulnerability Discovery
Format
: 40-Minute Briefings
Location
: South Seas A & B, Level 3
Pay Attention to the Clue: Clue-Driven Reverse Engineering by LLM in Real-World Malware Analysis
Speaker:
Tien-Chih Lin
,
Speaker:
Wei Chieh Chao
,
Contributor:
Zhao-Min Chen
Tracks
: Reverse Engineering, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: South Seas C & D, Level 3
QUACK: Hindering Deserialization Attacks via Static Duck Typing
Speaker:
Neophytos Christou
,
Speaker:
Andreas Kellas
Track
: Application Security: Defense
Format
: 40-Minute Briefings
Location
: Islander E & I, Level 0 - North Convention Center
Safe Harbor or Hostile Waters: Unveiling the Hidden Perils of the TorchScript Engine in PyTorch (PRE-RECORDED)
Speaker:
Ji'an Zhou
,
Speaker:
Li'shuo Song
Tracks
: AI, ML, & Data Science, Application Security: Offense
Format
: 40-Minute Briefings
Location
: Jasmine A & E, Level 3
Securing America: Readiness, Response, and Resilience for Critical Infrastructure Defense
Speaker:
Chris Butera
,
Speaker:
Bob Costello
,
Speaker:
Frank Cilluffo
Track
:
Format
: 40-Minute Keynote
Location
: Oceanside D, Level 2
The 11th Annual Black Hat USA Network Operations Center (NOC) Report
Speaker:
Neil (Grifter) Wyler
,
Speaker:
Bart Stump
Tracks
: Network Security, Application Security: Defense
Format
: 40-Minute Briefings
Location
: Oceanside A, Level 2
Weaponization of Cellular Based IoT Technology – Leveraging Smart Devices to Gain a Foothold
Speaker:
Deral Heiland
,
Speaker:
Carlota Bindner
Tracks
: Hardware / Embedded, Network Security
Format
: 40-Minute Briefings
Location
: Oceanside C, Level 2
Weaponizing Apple AI for Offensive Operations
Speaker:
Hariharan Shanmugam
Tracks
: Malware, AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Mandalay Bay H, Level 2
Thursday | 4:20pm
Locknote: Conclusions & Key Takeaways from Black Hat USA 2025
Panelist:
Heather Adkins
,
Panelist:
Daniel Cuthbert
,
Panelist:
Aanchal Gupta
,
Panelist:
Jason Haddix
,
Moderator:
Jeff Moss
Track
: Keynote
Format
: 40-Minute Keynote
Location
: Oceanside A, Level 2