Best Talks at Black Hat USA 2025
Hand-picked from in-depth reviewer verdicts.
- 1. Burning, Trashing, Spacecraft Crashing: A Collection of Vulnerabilities That Will End Your Space Mission
Researchers from VisionSpace demonstrated live exploits against three open-source mission control systems and NASA's Core Flight System, proving that software vulnerabilities — not kinetic weapons — are now the most accessible path to…
- 2. Windows Hell No for Business
Researchers contracted by Germany's Federal Office for IT Security (BSI) conducted an in-depth security analysis of Windows Hello for Business and demonstrated that a local administrator can decrypt the biometric template database, read…
- 3. I'm in Your Logs Now, Deceiving Your Analysts and Blinding Your EDR
Olaf Hartong of FalconForce demonstrated that Event Tracing for Windows (ETW), the subsystem that Microsoft Defender for Endpoint, CrowdStrike, and other major EDRs rely on for telemetry, can be abused by low-privileged attackers to…
- 4. China's 5+ Year Campaign to Penetrate Perimeter Network Defenses
Over five years, Chinese state-linked threat actors mounted a sustained, evolving campaign against Sophos XG firewalls, a case study in how network perimeter devices in general are being targeted. Sophos responded by deploying its own covert kernel implant…
- 5. Invoking Gemini for Workspace Agents with a Simple Google Calendar Invite
Researchers from SafeBreach and the Technion demonstrated 14 distinct attacks against Google's Gemini AI assistant using nothing but a malicious Google Calendar invitation. By embedding indirect prompt injections in calendar event titles…
- 6. Wormable Zero-Click RCE in AirPlay Impacts Billions of Apple and IoT Devices
"Airborne" is a collection of 23 vulnerabilities — 17 assigned CVEs — in Apple's AirPlay protocol and the AirPlay SDK used by third-party IoT device manufacturers. The research produced the first-ever zero-click, wormable remote code…
- 7. Breaking Out of The AI Cage: Pwning AI Providers with NVIDIA Vulnerabilities
Wiz Research discovered a critical TOCTOU (time-of-check time-of-use) vulnerability in NVIDIA Container Toolkit that allows a malicious container image to mount the host filesystem — effectively breaking out of container isolation. The…
- 8. AI Enterprise Compromise: 0-Click Exploit Methods
Zenity CTO Michael Bargury and co-presenter Tamir demonstrated zero-click prompt injection attacks against enterprise AI agents across Microsoft Copilot Studio, Salesforce Agentforce (Einstein), Cursor with Jira MCP, and ChatGPT — showing…
- 9. Advanced Active Directory to Entra ID Lateral Movement Techniques
Dirk-Jan Mollema of Outsider Security demonstrated that Exchange Hybrid deployments create a hidden, high-privilege attack path from on-premises Active Directory to full Microsoft 365 tenant compromise. By extracting exportable…
- 10. 2 Cops 2 Broadcasting: TETRA End-To-End Under Scrutiny
Midnight Blue — the team behind the landmark TETRA:BURST disclosures in 2023 — returned to Black Hat with a follow-up that dismantles the mitigations deployed in response to their original research. They demonstrate that TETRA end-to-end…
- 11. Unveiling the Hidden Perils of the TorchScript Engine in PyTorch
PyTorch's `weights_only=True` parameter — the standard fix for `pickle`-based RCE in ML model loading — does not actually prevent code execution when loading TorchScript (`.pt`) files, because the TorchScript engine processes a separate…
- 12. Uncovering and Responding to the tj-actions Supply Chain Breach
On March 14, 2025, StepSecurity's automated detection system identified that the widely-used `tj-actions/changed-files` GitHub Action had been compromised via a chained supply chain attack originating from a pull request vulnerability in…
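Item 11 rests on why `weights_only=True` exists in the first place: a pickle stream can instruct the unpickler to import and call any callable, so loading an untrusted model file is code execution. The snippet below is an added illustration written for this page, not code from the talk or from PyTorch. It crafts a constructed malicious pickle that runs a subprocess at load time, then shows the allowlisting-unpickler pattern that `weights_only=True` applies to pickled data (the allowlist here is a hypothetical minimal one). It says nothing about TorchScript, which is precisely the point of the talk: that engine is a separate loading path this mitigation does not cover.

```python
import io
import pickle
import subprocess
import sys


class _Payload:
    """Constructed malicious object. __reduce__ tells the unpickler to import
    subprocess and call check_output(...) while the file is being loaded."""

    def __reduce__(self):
        # Benign stand-in for an attacker's command; prints and returns b"pwned".
        return (subprocess.check_output,
                ([sys.executable, "-c", "print('pwned', end='')"],))


def craft_malicious_pickle() -> bytes:
    return pickle.dumps(_Payload())


def craft_benign_pickle() -> bytes:
    # Constructed state-dict-like content: plain containers and numbers only.
    return pickle.dumps({"layer.weight": [0.1, 0.2], "layer.bias": [0.0]})


def load_unrestricted(data: bytes):
    # Equivalent to torch.load(..., weights_only=False): every GLOBAL opcode
    # resolves to a real callable, so the payload executes here.
    return pickle.loads(data)


# Hypothetical allowlist of (module, name) pairs a weights-only loader admits.
_ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses any global lookup outside the allowlist, which is the mechanism
    behind weights_only=True for ordinary pickled checkpoints."""

    def find_class(self, module, name):
        if (module, name) in _ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def load_restricted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True if the restricted loader refuses the stream instead of running it."""
    try:
        load_restricted(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("unrestricted:", load_unrestricted(craft_malicious_pickle()))
    print("restricted rejects payload:", is_rejected(craft_malicious_pickle()))
    print("restricted loads weights:", load_restricted(craft_benign_pickle()))
```

Note that the benign pickle contains no GLOBAL opcodes at all (dicts and lists are built from dedicated opcodes), so `find_class` is never consulted for it; the malicious stream is rejected the moment it asks for `subprocess.check_output`.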
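For item 12, the practitioner's first question is "are any of my workflows pulling a third-party action by a mutable reference?" A git tag or branch name can be moved to point at different code; a full 40-hex commit SHA cannot. The checker below is an added example written for this page, not StepSecurity's tooling or anything from the talk. It scans workflow text line by line (no YAML library needed) and flags every `uses:` that is not pinned to a full SHA; the sample workflow is constructed, and the SHA in it is a placeholder rather than a real commit.

```python
import re

# Matches "uses: owner/repo[/path]@ref" whether or not it starts a list item,
# stopping before any trailing "# v4.2.2" style comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow; the 40 'a' characters are a placeholder SHA.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: actions/setup-node@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa # v4
      - uses: ./.github/actions/local-step
      - run: echo build
"""


def find_unpinned(workflow_text: str):
    """Return (line_no, action, ref) for each remote action not pinned to a
    full commit SHA. Local (./) and docker:// references are out of scope."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        spec = match.group(1)
        if spec.startswith(("./", "docker://")):
            continue
        action, sep, ref = spec.partition("@")
        if not sep or not FULL_SHA_RE.match(ref):
            findings.append((line_no, action, ref or "<none>"))
    return findings


def report(workflow_text: str) -> str:
    lines = [f"line {n}: {action}@{ref} is not pinned to a commit SHA"
             for n, action, ref in find_unpinned(workflow_text)]
    return "\n".join(lines) if lines else "all remote actions are SHA-pinned"


if __name__ == "__main__":
    print(report(SAMPLE_WORKFLOW))
```

Pinning by SHA only helps if the SHA is one you have reviewed; keep the human-readable version in a trailing comment, as the sample does, so that dependency-update tooling and reviewers can still see what the commit is supposed to be.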