Absolutely insane week for agentic engineering 37K LOC per day across 5 projects Still speeding up

Blackhat USA 2025 will happen soon, this is my personal top 12 master selection: 1. HTTP/1.1 Must Die! The Desync Endgame Speaker: James Kettle Tracks: Application Security: Offense, Application Security: Defense Format: 40-Minute Briefings Location: Oceanside A, Level 2 2. Invitation Is All You Need! Invoking Gemini for Workspace Agents with a Simple Google Calendar Invite Speaker: Ben Nassi, Speaker: Or Yair, Speaker: Stav Cohen Track: AI, ML, & Data Science Format: 40-Minute Briefings Location: Oceanside A, Level 2 3. Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Applications Speaker: Fengyu Liu, Speaker: YouKun Shi, Contributor: Tian Chen, Contributor: Bocheng Xiang, Contributor: Junyao He, Contributor: Qi Li, Contributor: Guangliang Yang, Contributor: Yuan Zhang, Contributor: Min Yang Tracks: Application Security: Offense, Exploit Development & Vulnerability Discovery Format: 30-Minute Briefings Location: Jasmine A & E, Level 3 4. Protecting Small Organizations in the Era of AI Bots Speaker: Rama Hoetzlein Tracks: Defense & Resilience, AI, ML, & Data Science Format: 40-Minute Briefings Location: Islander F & G, Level 0 - North Convention Center 5. Keynote: Chasing Shadows: Chronicles of Counter-Intelligence from the Citizen Lab Speaker: Ron Deibert Track: Keynote Format: 40-Minute Keynote Location: Oceanside A, Level 2 6. Racing for Privilege: Leaking Privileged Memory From Any Intel System Using a Microarchitectural Race Condition Speaker: Sandro Rüegge, Speaker: Johannes Wikner Tracks: Platform Security, Exploit Development & Vulnerability Discovery Format: 30-Minute Briefings Location: Mandalay Bay H, Level 7. Hackers Dropping Mid-Heist Selfies: LLM Identifies Information Stealer Infection Vector and Extracts IoCs Estelle Ruellan | Threat Intelligence Researcher, Flare Olivier Bilodeau | Principal Security Researcher, Flare Date: Wednesday, August 6 | 3:20pm-4:00pm ( Oceanside C, Level 2 ) Format: 40-Minute Briefings Tracks: Malware, AI, ML, & Data Science 8. Keynote: Three Decades in Cybersecurity: Lessons Learned and What Comes Next Speaker: Mikko Hypponen Track: Keynote Format: 40-Minute Keynote Location: Michelob ULTRA Arena, Concourse Level 9. Breaking Out of The AI Cage: Pwning AI Providers with NVIDIA Vulnerabilities Andres Riancho | Security Researcher, Wiz Hillai Ben-Sasson | Security Researcher, Wiz Ronen Shustin | Security Researcher, Wiz Date: Wednesday, August 6 | 11:20am-12:00pm ( Mandalay Bay H, Level 2 ) Format: 40-Minute Briefings Tracks: Cloud Security, AI, ML, & Data Science 10. Booting into Breaches: Hunting Windows SecureBoot's Remote Attack Surfaces Speaker: Jietao Yang Tracks: Exploit Development & Vulnerability Discovery, Platform Security Format: 40-Minute Briefings Location: Islander E & I, Level 0 - North Convention Center 11. Burning, Trashing, Spacecraft Crashing: A Collection of Vulnerabilities That Will End Your Space Mission Andrzej Olchawa | Offensive Security Researcher, VisionSpace Technologies GmbH Milenko Starcik | Head of Cyber Security, VisionSpace Technologies GmbH Ricardo Fradique | Cybersecurity Engineer, VisionSpace Technologies GmbH Ayman Boulaich | Cybersecurity Intern, VisionSpace Technologies GmbH Date: Wednesday, August 6 | 2:30pm-3:00pm ( Mandalay Bay H, Level 2 ) Format: 30-Minute Briefings Tracks: Exploit Development & Vulnerability Discovery, Application Security: Offense 12. Dark Corners: How a Failed Patch Left VMware ESXi VM Escapes Open for Two Years Speaker: Yuhao Jiang, Contributor: Xinlei Ying, Speaker: Ziming Zhang Tracks: Exploit Development & Vulnerability Discovery, Cloud Security Format: 40-Minute Briefings Location: Jasmine A & E, Level 3 @BlackHatEvents blackhat.com/us-25/briefings…

HW defenses against Spectre are tricky: they need to be applied correctly by the SW, and we need to trust that the HW does what its supposed to. Our latest work "Breaking the Barrier" exploits loopholes in both of these issues on Intel and AMD parts. comsec.ethz.ch/breaking-the-…

Disclosing Branch Predictor Race Conditions (BPRC), a new class of vulnerabilities where asynchronous branch predictor operations violate hardware-enforced privilege and context separation in virtually all recent Intel CPUs. @wiknerj @kavehrazavi : comsec.ethz.ch/bprc

We updated our CFP for Phrack 72! The deadline is now April 1st 2025. Check the site for specifics on how to contribute, as well as some inspiration! We also posted a link to purchase physical copies of Phrack 71, and a donation link too. Enjoy! phrack.org/

I've just presented at IEEE SecDev our work on reversing the eIBRS HW mitigation. TLDR: use retpoline or stibp ibpb ;) The mitigation relies on an automatic flush of the predictor to prevent brute-force. But it is not frequent enough (thus, it relies on obscurity really). Recommendation for Intel: 1-) add a tunable for it 2-) disclose the details so customers can understand risk.

#H2HC2024 Inscricoes abertas e chamada de trabalhos tambem! @h2hcon