Black Hat Asia 2025

April 1-4, 2025 · Singapore · 45 talks

Black Hat Asia 2025 brings the world's top cybersecurity researchers to Singapore for cutting-edge briefings on offensive security, reverse engineering, and emerging threats.

→ See editor’s top picks at Black Hat Asia 2025

• The ByzRP Solution: A Global Operational Shield for RPKI Validators

  This talk introduces ByzRP (Byzantine Fault Tolerant RPKI), an innovative approach to enhance the security, robustness, and performance of the **Resource Public Key Infrastructure (RPKI)**. RPKI is…

• Dismantling the SEOS Protocol

  This talk, "Dismantling the SEOS Protocol," delves into the intricate security mechanisms of **HID Global's SEOS protocol**, a widely adopted RFID access control technology. Presented by Evil Damon…

• The Drone Supply Chain's Grand Siege: From Initial Breaches to Long-Term Espionage

  This talk, "The Drone Supply Chain's Grand Siege: From Initial Breaches to Long-Term Espionage on High Value Targets," delivered by Trend Micro's Vicki Sue and Philip Chen, uncovers a sophisticated…

• Using Deep Learning Attribution Methods for Fault Injection Attacks

  In a compelling presentation at Black Hat Asia, Karim, a Hardware Security Expert from Ledger's Dungeon security research team, unveiled a novel approach to significantly enhance the efficacy of…

• Impostor Syndrome - Hacking Apple MDMs Using Rogue Device Enrolments

  This talk by Marcel, a security researcher at Form3, delves into a critical vulnerability within Apple's Mobile Device Management (MDM) ecosystem, which he dubs "Impostor Syndrome." The core issue…

• Keynote: Perspectives on Trust in Hardware Supply Chains

  In this thought-provoking keynote at Black Hat Asia, renowned hardware hacker and designer Bunnie Huang delves into the intricate and often overlooked challenges of trust within global hardware…

• Operation BlackEcho: Voice Phishing Using Fake Financial and Vaccine Apps

  Operation BlackEcho details a sophisticated and evolving voice phishing campaign that leverages an intricate network of fake financial and vaccine applications to defraud victims. Presented by…

• Should We Chat, Too? Security Analysis of WeChat's MMTLS Encryption Protocol

  This talk, delivered by Pelleon from the Citizen Lab at the University of Toronto and Mona, a PhD student at Princeton University and former Citizen Lab research fellow, delves into a comprehensive…

• Who Cares Where Waldo Is. Locating macOS Users Without Their Consent

  This talk, presented by Vochua (Vojciech Regula) at Black Hat Asia, delves into the intricate and often overlooked security landscape of **macOS location services**. Building upon his extensive…

• One Bug to Rule Them All: Stably Exploiting a Preauth RCE Vulnerability on Windows Server 2025

  This presentation, "One Bug to Rule Them All," delivered by Edwards Peng, Signin, and War at Black Hat Asia, unveils a critical pre-authentication **Remote Code Execution (RCE)** vulnerability…

• A Journey into Advanced Theoretical Reverse Engineering

  In this compelling Black Hat Asia presentation, Alisa Sage, founder of Zero Day Engineering, unveiled the intricate and previously opaque world of Qualcomm's **QDSP6 JTAG** and its proprietary…

• Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots

  Alan Scott's Black Hat Asia talk, "Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots," shifts the focus from demonstrating novel exploits to equipping security professionals…

• JDD: In-depth Mining of Java Deserialization Gadget Chains

  Java deserialization vulnerabilities represent a critical and persistent threat within modern application security, often leading to severe consequences such as **Remote Code Execution (RCE)**. This…

• Think Inside the Box: In-the-Wild Abuse of Windows Sandbox in Targeted Attacks

  In a revealing presentation at Black Hat Asia, Hiakih Har, a Staff Engineer at Trend Micro, unveiled the first observed instance of threat actors leveraging **Windows Sandbox** for defense evasion…

• Keynote: Cyber Threats in the Age of AI

  This keynote address, delivered by Edward Chen, Deputy Chief Executive of National Cyber Resilience for the Cyber Security Agency (CSA) of Singapore, delves into the evolving landscape of cyber…

• Locknote: Highlights & Key Takeaways from Black Hat Asia 2025

  The "Locknote" session at Black Hat Asia 2025 offered a unique, behind-the-scenes perspective from the conference's esteemed review board. Moderated by Daniel Cuthbert, stepping in for Jeff Moss…

• Weaponized Deception: Lessons from Indonesia's Muslim Cyber Army

  This compelling talk by Tim Papa, a former Supervisory Special Agent and profiler with the FBI's Behavioral Analysis Unit (BAU), re-examines the enigmatic case of Indonesia's **Muslim Cyber Army…

• The Black Hat Asia Network Operations Center (NOC) Report

  The Black Hat Asia Network Operations Center (NOC) Report offers a unique glimpse into the intricate and often paradoxical challenge of securing one of the world's premier cybersecurity conferences…

• Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet

  This talk, presented by MK and Rad Modzman from Automotive PCA, details a comprehensive remote exploitation chain against a 2020 Nissan Leaf, enabling an attacker to gain full control over the…

• Sweeping the Blockchain: Unmasking Illicit Accounts in Web3 Scams

  The rapid expansion of the **Web3** ecosystem, promising a decentralized future built on blockchain technology, has unfortunately attracted a new wave of sophisticated illicit activities. With its…

• Unveiling New Attack Vectors in Bluetooth Vulnerability Discovery through Protocol State Machine

  This talk, presented by Leong, Wa, and Oliver Dong from SRAD, introduces a groundbreaking methodology for discovering Bluetooth vulnerabilities by deconstructing and manipulating the underlying…

• Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors

  This talk, "Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors," presented by Jang from Tsinghua University, unveils a critical flaw in how email security systems…

• Utilizing AI Models to Conceal and Extract Commands in C2 Images

  This talk, "Utilizing AI Models to Conceal and Extract Commands in C2 Images," presented by Chen Fang and Chris Nawarte from Palo Alto Networks, delves into a sophisticated new frontier for command…

• The Problems of Embedded Python in Excel, or How to Excel in Pwning Pandas

  Shalom Carmel’s presentation, "The Problems of Embedded Python in Excel, or How to Excel in Pwning Pandas," delves into the unexpected security implications of Microsoft’s recent integration of…

• KernelSnitch: Leaking Kernel Heap Pointers by Exploiting Software-Induced Side-Channel Leakage

  This presentation introduces **KernelSnitch**, a novel operating system side channel attack that leverages timing differences in kernel hash table accesses to leak security-critical kernel heap…

• CDN Cannon: Exploiting CDN Back-to-Origin Strategies for Amplification Attacks

  This talk, "CDN Cannon: Exploiting CDN Back-to-Origin Strategies for Amplification Attacks," presented by Julie from the National University of Singapore and Zu from Singapore Management University…

• A Closer Look at the Gaps in the Grid: New Vulnerabilities and Exploits Affecting Solar Power

  This talk, presented by Daniel and Franchesca from Forescout Technologies, delves into critical cybersecurity vulnerabilities discovered in widely deployed solar power systems. As solar energy…

• Standing on the Shoulders of Giants: De-Obfuscating WebAssembly Using LLVM

  In an increasingly web-centric world, WebAssembly (Wasm) has emerged as a critical technology, promising near-native performance for web applications. Its adoption by major platforms and industries…

• Behind Closed Doors - Bypassing RFID Readers

  In his Black Hat Asia presentation, "Behind Closed Doors - Bypassing RFID Readers," Julius Dunuk, an IT Security Specialist at Securing, offered a compelling and often humorous look into the…

• (Mis)adventures with Copilot+: Attacking and Exploiting Windows NPU Drivers

  The advent of **Copilot+ PCs** marks a significant shift in Windows computing, deeply integrating Artificial Intelligence capabilities directly into the operating system. This talk, "(Mis)adventures…

• Mini-App But Great Impact: New Ways to Compromise Mobile Apps

  This talk, "Mini-App But Great Impact: New Ways to Compromise Mobile Apps," presented at Black Hat Asia by Wii and Xangu, unveils a novel attack surface within the mobile ecosystem: **mini apps**…

• Watch Your Phone: Novel USB-Based File Access Attacks Against Mobile Devices

  In an era where mobile devices are indispensable repositories of sensitive personal data—from photographs and messages to login credentials—the security of these devices is paramount. This…

• Invisible Ink: Privacy Risks of CSS in Browsers and Emails

  In "Invisible Ink: Privacy Risks of CSS in Browsers and Emails," Leon and Daniel from the TISPA Handhold Center for Information Security unveil a sophisticated and often overlooked vector for user…

• KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities

  This talk introduces **KernGC**, an innovative tool designed to automate the generation of vulnerable environments for Linux kernel vulnerabilities. Presented by Bonan and Jaho from the National…

• Foreign Information Manipulation and Interference (Disinformation 2.0)

  In an era where information is both abundant and weaponized, Frankie Sageran, a seasoned expert from NATO's Information Environment Analysis team, delivered a critical talk at Black Hat Asia titled…

• The Pivotal Role of Large Language Models in Extracting Actionable TTP Attack Chains

  In an era where cybersecurity threats are constantly evolving, the ability to rapidly understand, extract, and operationalize adversary Tactics, Techniques, and Procedures (**TTPs**) is paramount…

• Determining Exploitability of Vulnerabilities with SBOM and VEX

  In an era dominated by open-source software, managing the deluge of associated vulnerabilities has become a paramount challenge for organizations. This talk, presented by Shina and Anushia, security…

• The Illusion of Isolation: How Isolation Failures in CI/CD Servers Lead to RCE and Privacy Risks

  In this compelling Black Hat Asia talk, "The Illusion of Isolation," researchers Tenjo and Yuwan Wong from the University of Chinese Academy of Sciences delve into a critical, yet often overlooked…

• Double Tap at the Blackbox: Hacking a Car Remotely Twice with MiTM

  This talk, "Double Tap at the Blackbox," by researchers from the 360 Vulnerability Research Institute, delves into the sophisticated process of remotely compromising a connected vehicle twice, using…

• Bridging the Gap: Type Confusion and Boundary Vulnerabilities Between WebAssembly and JavaScript

  This talk, presented by Nang (Sakura) and Jan Hansa, delves into a critical and evolving area of browser security: vulnerabilities arising from the interaction boundary between **WebAssembly…

• The Oversights Under the Flow: Discovering the Vulnerable Tooling Suites From Azure MLOps

  This talk, "The Oversights Under the Flow," delves into a critical examination of security vulnerabilities discovered within the tooling suites of **Azure Machine Learning Operations (MLOps)**…

• ObfusQate: Where Quantum Magic Meets Code Security – Say Goodbye to Easy Cracking!

  The rapid advancement of quantum computing heralds a new era of computational power, promising solutions to problems currently intractable for even the most powerful supercomputers. However, this…

• vCenter Lost: How the DCERPC Vulnerabilities Changed the Fate of ESXi

  In a compelling presentation at Black Hat Asia 2025, Zo from Tianin Tangun lab unveiled critical research titled "vCenter Lost: How the DCERPC Vulnerabilities Changed the Fate of ESXi." This talk…

• QuickShell: Sharing is Caring About an RCE Attack Chain on Quick Share

  In this compelling presentation, Ora and Coin from SafeBreach unveiled "QuickShell," a sophisticated remote code execution (RCE) attack chain targeting Google's Quick Share application for Windows…

• DriveThru Car Hacking: Fast Food, Faster Data Breach

  This talk, presented by Alina and George from Heat Security Labs, introduces a novel and concerning attack vector: **drive-thru car hacking** targeting ubiquitous dash cameras. The research…