This document contains all Black Hat Asia 2025 sessions that have downloadable files (slides, whitepapers, or source code).
| ID | Title | Track 1 | Track 2 | Description | Files |
|---|---|---|---|---|---|
| 43199 | vCenter Lost: How the DCERPC Vulnerabilities Changed the Fate of ESXi | Exploit Development & Vulnerability Discovery | Cloud Security | As one of the most widely-used commercial virtualization platforms, the security of VMware virtualization suite has long been a focal point of scrutiny. Over the past few years, we have focused extens... | 📄 Slides |
| 43874 | QuickShell: Sharing is Caring About an RCE Attack Chain on Quick Share | Application Security: Offense | Platform Security | Quick Share (formerly Nearby Share) has allowed Android users to easily share files for four years now. A year ago, Google introduced a Windows version. Google's promotion of Quick Share for preinstall... | 📄 Slides |
| 44095 | Think Inside the Box: In-the-Wild Abuse of Windows Sandbox in Targeted Attacks | Malware | Threat Hunting & Incident Response | Windows Sandbox is a lightweight virtualization mechanism introduced in 2018, designed to provide an isolated desktop environment for quickly testing suspicious applications. However, this feature can... | 📄 Slides |
| 43514 | DriveThru Car Hacking: Fast Food, Faster Data Breach | Privacy | Network Security | In-car dash cameras (dashcams) have become quintessential to our daily lives, supported by guidelines and regulations from insurance companies as part of insurance reduction or substantiating claims d... | 📄 Slides 📋 Whitepaper |
| 43347 | The Oversights Under the Flow: Discovering and Demystifying the Vulnerable Tooling Suites From Azure MLOps | Platform Security | AI, ML, & Data Science | With the new AI moving to the cloud, a sequence of ML/AI tooling suites has been integrated into the core Azure DevOps functionalities, yielding a new concept of MLOps to enable the LLM capabilities f... | 📄 Slides |
| 44141 | JDD: In-depth Mining of Java Deserialization Gadget Chains via Bottom-up Gadget Search and Dataflow-aided Payload Construction | Application Security: Offense | Exploit Development & Vulnerability Discovery | Java serialization and deserialization facilitate cooperation between different Java systems, enabling convenient data and code exchange. However, a significant vulnerability known as Java Object Inje... | 📄 Slides |
| 43510 | Bridging the Gap: Type Confusion and Boundary Vulnerabilities Between WebAssembly and JavaScript in V8 | Exploit Development & Vulnerability Discovery | | As WebAssembly becomes more integrated into modern web browsers, its interaction with JavaScript creates new opportunities for performance optimization, but also introduces significant security risks.... | 📄 Slides |
| 43571 | Double Tap at the Blackbox: Hacking a Car Remotely Twice with MiTM | Cyber-Physical Systems & IoT | | Obtaining the hardware, extracting firmware, and then reverse engineering to uncover vulnerabilities in automotive systems is a common practice within the vehicle security community. However, access t... | 📄 Slides |
| 43618 | The Illusion of Isolation: How Isolation Failures in CI/CD Servers Lead to RCE and Privacy Risks | Enterprise Security | Application Security: Offense | For many years, security research on CI/CD platforms has been a popular topic, but researchers often tend to look for flaws that are visibly present across various functionalities within the workflow ... | 📄 Slides |
| 44550 | Unveiling the Mysteries of Qualcomm's QDSP6 JTAG: A Journey into Advanced Theoretical Reverse Engineering | Reverse Engineering | | This talk invites you on an exploration of advanced reverse engineering techniques applied to sophisticated proprietary hardware. Rather than focusing on well-known hands-on methods such as hardware d... | 📄 Slides |
| 43631 | Enhancing Modern Threat Intelligence: The Pivotal Role of Large Language Models in Extracting Actionable TTP Attack Chains | AI, ML, & Data Science | Application Security: Defense | Currently, the application of LLMs within the security landscape has achieved widespread adoption, becoming a standard practice across the industry. In the realm of threat intelligence, LLMs have dist... | 📄 Slides |
| 43190 | Determining Exploitability of Vulnerabilities with SBOM and VEX | Enterprise Security | Application Security: Defense | Software Composition Analysis tools are known to generate a flood of vulnerability data in third party code. The key challenge today is determining the number of vulnerabilities that are actually expl... | 📄 Slides |
| 44144 | One Bug to Rule Them All: Stably Exploiting a Preauth RCE Vulnerability on Windows Server 2025 | Exploit Development & Vulnerability Discovery | Platform Security | As the security protection mechanisms of the Windows operating system are constantly being proposed and applied, it is becoming increasingly difficult to find exploitable vulnerabilities on current Wi... | 📄 Slides |
| 43447 | Foreign Information Manipulation and Interference (Disinformation 2.0) - How Patterns of Behavior in the Information Domain Threaten or Attack Organizations' Values, Procedures and Political Processes | Policy | Defense | Over the past decade, foreign information manipulation and interference (FIMI) operations have grown in complexity and scope. More specifically, Russia and China have continuously invested resources i... | 📄 Slides |
| 43912 | Mini-App But Great Impact: New Ways to Compromise Mobile Apps | Mobile | Application Security: Offense | In the mobile app ecosystem, super-apps serve as platforms hosting mini-apps, facilitating cross-platform operation across Android and iOS. Traditionally, attacks on mobile apps have targeted native a... | 📄 Slides |
| 44148 | Should We Chat, Too? Security Analysis of WeChat's MMTLS Encryption Protocol | Cryptography | Application Security: Offense | WeChat, with over 1.2 billion monthly active users, stands as the most popular messaging and social media platform in China and third globally. Instead of TLS, WeChat mainly uses a proprietary network... | 📄 Slides |
| 43862 | KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities | Platform Security | Exploit Development & Vulnerability Discovery | Linux kernel vulnerability reproduction is a critical task in system security. To reproduce a kernel vulnerability, the vulnerable environment and the Proof of Concept (PoC) program are needed. Most e... | 📄 Slides 📋 Whitepaper |
| 43262 | Watch Your Phone: Novel USB-Based File Access Attacks Against Mobile Devices | Mobile | Exploit Development & Vulnerability Discovery | Modern mobile OSs employ lock screens and user confirmation prompts to shield sensitive data from attackers with access to the device's USB port. In this talk, we present novel attacks and attack tech... | 📄 Slides |
| 44173 | Operation BlackEcho: Voice Phishing Using Fake Financial and Vaccine Apps | Human Factors | Malware | Voice phishing (a.k.a. vishing) is a crime in which scammers deceive victims through phone calls in order to fraudulently obtain funds or steal personal information. Malicious apps are needed for voice... | 📄 Slides |
| 43871 | Invisible Ink: Privacy Risks of CSS in Browsers and Emails | Privacy | Enterprise Security | Recently, Google Chrome and other browsers have started restricting traditional tracking methods, such as third-party cookies, to improve user privacy. Still, websites can leverage browser fingerprint... | 📄 Slides |
| 44052 | Impostor Syndrome - Hacking Apple MDMs Using Rogue Device Enrolments | Enterprise Security | Reverse Engineering | Apple's solution for mobile device management seems like an airtight process. Enterprise customers buy devices from registered retailers, these are automatically registered in Apple Business Manager w... | 📄 Slides |
| 44025 | Standing on the Shoulders of Giants: De-Obfuscating WebAssembly Using LLVM | Reverse Engineering | | WebAssembly (Wasm) is an increasingly popular compilation target, offering compact representation, efficient validation and compilation, and safe low to no-overhead execution. Wasm is popular not only... | 📄 Slides |
| 44006 | Behind Closed Doors - Bypassing RFID Readers | Cyber-Physical Systems & IoT | | Cloning RFID tags - you probably tried it, or at least heard about it. But what if cloning someone's card isn't an easy option? How else can one gain entry into high-security areas without direct acces... | 📄 Slides |
| 43619 | (Mis)adventures with Copilot+: Attacking and Exploiting Windows NPU Drivers | Application Security: Offense | Exploit Development & Vulnerability Discovery | In May 2024, Microsoft introduced a new category of PCs designed for AI, called Copilot+ PCs. According to Microsoft, those PCs are starting a new chapter of AI integration on Windows and, thus, perso... | 📄 Slides |
| 44092 | I Have Got to Warn You, It Is a Learning Robot: Using Deep Learning Attribution Methods for Fault Injection Attacks | Hardware / Embedded | AI, ML, & Data Science | Deep Learning (DL) has recently received significant attention in breaking cryptographic implementations on embedded systems. However, research on the subject mostly focused on side-channel attacks (S... | 📄 Slides |
| 44145 | The Drone Supply Chain's Grand Siege: From Initial Breaches to Long-Term Espionage on High-Value Targets | Threat Hunting & Incident Response | Malware | In mid-2024, we disclosed a cyber campaign named TIDRONE, attributed to an unidentified threat actor likely linked to Chinese-speaking groups. This campaign revealed a strong focus on the military ind... | 📄 Slides |
| 43223 | A Closer Look at the Gaps in the Grid: New Vulnerabilities and Exploits Affecting Solar Power Systems | Cyber-Physical Systems & IoT | Exploit Development & Vulnerability Discovery | Distributed energy resources (DER), such as solar power systems, are rapidly becoming essential elements of power grids worldwide. However, cybersecurity for these systems is often an afterthought, cr... | 📄 Slides |
| 43932 | CDN Cannon: Exploiting CDN Back-to-Origin Strategies for Amplification Attacks | Network Security | Cloud Security | Content Delivery Networks (CDNs) are widely adopted to enhance web performance and offer protection against DDoS attacks. However, our research unveils a critical vulnerability within CDN back-to-orig... | 📄 Slides 📋 Whitepaper |
| 43247 | KernelSnitch: Leaking Kernel Heap Pointers by Exploiting Software-Induced Side-Channel Leakage of Kernel Hash Tables | Exploit Development & Vulnerability Discovery | Platform Security | In this talk, we present a generic software-induced side-channel attack, KernelSnitch, on the operating system. With this new side-channel attack we opened up a novel attack surface in operating syste... | 📄 Slides |
| 44176 | The ByzRP Solution: A Global Operational Shield for RPKI Validators | Network Security | Application Security: Defense | The Border Gateway Protocol (BGP) is the core routing protocol on the Internet, but it lacks security mechanisms. At the same time, the democratization of access has transformed the Internet into the ... | 📄 Slides |
| 44583 | Dismantling the SEOS Protocol | Hardware / Embedded | Reverse Engineering | In this talk, we present the first open source implementation of HID SEOS communication protocol over RFID. HID SEOS is a credential technology designed to provide enhanced security, flexibility, and ... | 📄 Slides |
| 43714 | The Problems of Embedded Python in Excel, or How to Excel in Pwning Pandas | Platform Security | Cloud Security | In Windows build 2407, Microsoft released Python support inside Excel as embedded =PY() functions. According to the Microsoft website: "Python in Excel brings the power of Python analytics into Excel.... | 📄 Slides |
| 43567 | Sweeping the Blockchain: Unmasking Illicit Accounts in Web3 Scams | Defense | Platform Security | The web3 applications have recently been growing, especially on the Ethereum platform, starting to become the target of scammers. The web3 scams, imitating the services provided by legitimate platform... | 📄 Slides |
| 43736 | State Manipulation: Unveiling New Attack Vectors in Bluetooth Vulnerability Discovery through Protocol State Machine Reconfiguration | Exploit Development & Vulnerability Discovery | Cyber-Physical Systems & IoT | The Bluetooth protocol has become ubiquitous, supporting a wide range of devices from personal gadgets like headphones and smartphones to complex systems in automotive and IoT environments. While Blue... | 📄 Slides |
| 43972 | Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors | Application Security: Offense | Enterprise Security | Email attachments have become a favored delivery vector for malware campaigns. In response, email attachment detectors are widely deployed to safeguard email security. However, an emerging threat aris... | 📄 Slides |
| 43954 | AI-Powered Image-Based Command and Control (C2) Framework: Utilizing AI Models to Conceal and Extract Commands in C2 Images | Malware | AI, ML, & Data Science | Generative AI concentrates on generating novel and unique content in various forms, including text, image, and video. Many researchers focus on utilizing GenAI models to improve our lives or identifyi... | 📄 Slides 📋 Whitepaper |
| 44048 | Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet | Hardware / Embedded | Reverse Engineering | Today's vehicles are evolving rapidly, with a rising number of electric models and an expanding array of digital technologies, such as onboard Wi-Fi, Bluetooth, and USB connectivity. These advancement... | 📄 Slides |
| 43697 | Weaponized Deception: Lessons from Indonesia's Muslim Cyber Army | Human Factors | Threat Hunting & Incident Response | A defunct Indonesian cyber deception collective of attackers known as Muslim Cyber Army (MCA) modeled one of the first known examples of weaponizing deception and disinformation to disrupt Indonesian ... | 📄 Slides |
- Total Sessions with Files: 38
- Total Downloaded Files: 42
- Generated on: 2025-08-24 16:36:32
- 📄 Slides: Presentation slides (PDF)
- 📋 Whitepaper: Detailed technical papers (PDF)
- 💻 Source Code: Accompanying source code files
All files are downloaded locally to the BlackHat-Downloads directory. Click on the file links to open them directly.
Generated automatically from sessions.json