Editor's Picks

Best Talks at Black Hat Asia 2025

Hand-picked from in-depth reviewer verdicts — the top 12 talks from this conference. Skip the noise, find the signal.


  1.

    Using Deep Learning Attribution Methods for Fault Injection Attacks

    In a compelling presentation at Black Hat Asia, Karim, a Hardware Security Expert from Ledger's Dungeon security research team, unveiled a novel approach to significantly enhance the efficacy of **fault injection attacks (FIA)** against secure hardware. The talk, titled "Using…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  2.

    Should We Chat, Too? Security Analysis of WeChat's MMTLS Encryption Protocol

    This talk, delivered by Pelleon from the Citizen Lab at the University of Toronto and Mona, a PhD student at Princeton University and former Citizen Lab research fellow, delves into a comprehensive security analysis of WeChat's proprietary encryption protocol, **MMTLS**…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  3.

    Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots

    Alan Scott's Black Hat Asia talk, "Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots," shifts the focus from demonstrating novel exploits to equipping security professionals with the knowledge and tools to investigate and respond to incidents involving…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  4.

    Think Inside the Box: In-the-Wild Abuse of Windows Sandbox in Targeted Attacks

    In a revealing presentation at Black Hat Asia, Hiakih Har, a Staff Engineer at Trend Micro, unveiled the first observed instance of threat actors leveraging **Windows Sandbox** for defense evasion in real-world targeted attacks. The talk, titled "Think Inside the Box,"…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  5.

    Weaponized Deception: Lessons from Indonesia's Muslim Cyber Army

    This compelling talk by Tim Papa, a former Supervisory Special Agent and profiler with the FBI's Behavioral Analysis Unit (BAU), re-examines the enigmatic case of Indonesia's **Muslim Cyber Army (MCA)**. Far from being a group of sophisticated hackers, MCA's true danger lay in…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  6.

    Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet

    This talk, presented by MK and Rad Modzman from Automotive PCA, details a comprehensive remote exploitation chain against a 2020 Nissan Leaf, enabling an attacker to gain full control over the vehicle's infotainment system and subsequently manipulate critical body elements from…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  7.

    Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors

    This talk, "Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors," presented by Jang from Tsinghua University, unveils a critical flaw in how email security systems process messages. The research demonstrates a novel class of **protocol-level evasion…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  8.

    The Problems of Embedded Python in Excel, or How to Excel in Pwning Pandas

    Shalom Carmel’s presentation, "The Problems of Embedded Python in Excel, or How to Excel in Pwning Pandas," delves into the unexpected security implications of Microsoft’s recent integration of Python into Excel for Office 365 users. Introduced approximately a year and a half…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  9.

    (Mis)adventures with Copilot+: Attacking and Exploiting Windows NPU Drivers

    The advent of **Copilot+ PCs** marks a significant shift in Windows computing, deeply integrating Artificial Intelligence capabilities directly into the operating system. This talk, "(Mis)adventures with Copilot+: Attacking and Exploiting Windows NPU Drivers," presented by a…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  10.

    Watch Your Phone: Novel USB-Based File Access Attacks Against Mobile Devices

    In an era where mobile devices are indispensable repositories of sensitive personal data—from photographs and messages to login credentials—the security of these devices is paramount. This presentation by Floren Rasha and Lucas Ma unveils a series of novel USB-based attacks…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  11.

    Invisible Ink: Privacy Risks of CSS in Browsers and Emails

    In "Invisible Ink: Privacy Risks of CSS in Browsers and Emails," Leon and Daniel from the CISPA Helmholtz Center for Information Security unveil a sophisticated and often overlooked vector for user tracking and targeted attacks: **CSS-based browser and email client…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  12.

    The Illusion of Isolation: How Isolation Failures in CI/CD Servers Lead to RCE and Privacy Risks

    In this compelling Black Hat Asia talk, "The Illusion of Isolation," researchers Tenjo and Yuwan Wong from the University of Chinese Academy of Sciences delve into a critical, yet often overlooked, area of modern software development security: isolation failures within…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★