On the ground at Black Hat 2025 - a deeper dive from Glasswall Head of Security Research, Connor Morley
Black Hat USA once again delivered a packed program that balanced corporate-scale networking with cutting-edge technical research. Alongside a busy expo floor featuring the industry’s biggest vendors, the briefings covered everything from headline topics such as AI and LLM vulnerabilities to highly specialised explorations of firmware exploits, patch failures, and attacker innovation in areas from AdTech to phishing. Here, Connor Morley takes a closer look at some of the sessions that stood out.
Keynote – Mikko Hypponen
The keynote was delivered by Mikko Hypponen, the outgoing Chief Research Officer (CRO) at WithSecure. Having been in the industry for thirty years, Mikko has seen and done it all with a focus on identifying and disrupting offensive capabilities. This keynote was a high-level summary of the current state of the cybersecurity industry, reflecting on its evolution from individual enthusiasts to multi-billion-dollar corporations.
The key elements here are the changes in technology that facilitated these shifts: the emergence of cryptocurrencies, which made breaches profitable; the rise of “smart” technology integrating everything together; and ultimately the rise of AI, which lowers the bar for exploitation even for advanced deployments.
His final remarks are that the next disruptive technology will be something no one can predict or be prepared for, but that the cybersecurity industry has never been stronger to minimise the damage. Despite the stories of breaches almost every other week, the cyber industry is formidable at preventing such cases and, at a minimum, very effective at minimising the disruption and risk to individuals.
VMware patch failure left exploits operational for several years
Focusing on a pipe fetch vulnerability in the VMware architecture, this talk covered the fundamental nature of vulnerability analysis, the patching operation and the vigilance analysts need to exercise in ensuring vulnerabilities are mitigated effectively to prevent prolonged risk. The flaw, CVE-2021-22040, later re-discovered as CVE-2024-22252, leverages xhci_clear_status_cli to achieve a UAF exploit on 0x205C for x64 systems, exploiting the virtual USB driver for siloscape. URB and GMR are leveraged via the UAF to achieve host system deployment.
Originally discovered in 2021, and “addressed” by VMware at the time, analysis later showed that the patch did not fix the fundamental driver vulnerability that remained. As such, in 2024, the researcher discovered an alternative BOF exploit in CBTO Bitmap, which allows leveraging the same driver weakness for siloscape via control of the ESXI register.
The talk also aimed to describe the problem with bug bounties in standard software when the ROI for the analyst is very low, the systems are black boxes with no available documentation, and the vendors are reluctant or have low engagement with hunters when vulnerabilities are found. This use-case directly demonstrates the failings of vendors in relation to key vulnerabilities, the frustration of hunters when their findings are ignored, and the recurrent high-level risks associated with discovered, disclosed, and “remediated” (but not really) vulnerabilities which make their way out into public forums.

Organised crime in AdTech
As EDR and other endpoint defensive technologies improve, attackers are looking for new and innovative ways to get their malware onto target machines. One of the effective methods used is leveraging AdTech (AT), such as Traffic Distribution Systems (TDS), to funnel users to maliciously controlled domains. Vextrio is a TDS commonly used by malicious users to redirect users via common pop-ups and scareware to drive-by download sites or even advanced XSS deployments.
A well-known malicious operator of TDS is “Los Pollos!”, which uses short URLs as part of their deployment to link to a malicious TDS for compromise. The TDS works because it performs multiple redirections during linking, which can obscure or exhaust security operators during analysis, leading to the conclusion “it is an ad redirect, non-malicious” before the investigation is complete. The researchers highlight that they mapped the entire TDS infrastructure of this malicious operation and showed three high-level domains which webbed into thousands of standalone and compromised legitimate domains to host malicious content. All malicious TDS that have been encountered are Russian-operated according to the researchers.
Black hat forums (not affiliated with the convention) show that this is an everyday utility sought after by malicious operators, with the TDS deployment and user manual in high demand for integration.
ShadeBios – UEFI malware which hijacks bootloader as a mini-OS
Firmware UEFI-based rootkits have existed for a long time, with nine well-known variants. Exploits/rootkits in this area are extremely target- and hardware-specific, with operations focusing primarily on using firmware-based malware for persistence in the form of a rootkit. As a rootkit in the UEFI runs at boot, the malware has full system and kernel access, allowing an extremely high level of control over the target system. However, as the targets are not system agnostic, instead being highly tailored and requiring heavy resourcing, they have primarily been the realm of APT actors (MoonBounce, LoJax, etc.).
In addition, OS-level security systems can detect firmware-hosted malware using systems such as SecureBoot and other such technologies. ShadeBios (SB) is a system-agnostic approach to the firmware rootkit which, instead of being used to load malware at a privileged level, hijacks UEFI to become the malware. This requires the UEFI boot memory sections and capabilities to persist into runtime, which is typically prohibited. The researcher found a way to achieve this by hooking the GetMemoryMap function in EFI operations to change the memory block type to EfiCommentMemory, which is accessible at runtime. This means that upon runtime initiation the boot memory block purge skips the altered section, allowing persistence.
The UEFI has full access to the device stack of the host, and by leveraging the NIC UEFI control for connect & disconnect, the malicious UEFI instance can override lockout post boot to permit the UEFI system to maintain access to the devices. This effectively means that a malicious UEFI code can load, execute, persist, access all devices (including network) and have root-level access to the system's controls, effectively making it a small independent OS. The controls being reset can cause a minor delay for the legitimate OS, but this is self-repaired.
Additionally, without flashing the UEFI chip, the malware will persist across OS reinstalls or full system formats, which typically overlook this memory segment. There is an available GitHub project outlining its use: https://github.com/FFRI/ShadeBIOS
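One defensive angle on the GetMemoryMap hook described above is to sanity-check the memory map the firmware hands over. The following is an added example, not code from the talk or the ShadeBIOS project: it parses a raw EFI_MEMORY_DESCRIPTOR array (constructed here, not captured from a real machine) and flags entries whose Type and EFI_MEMORY_RUNTIME attribute disagree, which is the shape of inconsistency a type-only rewrite leaves behind. A hook that rewrites the attribute as well would pass this check, so treat it as one signal to compare against a known-good map from the same firmware build.

```python
import struct

# EFI_MEMORY_DESCRIPTOR: UINT32 Type, 4 bytes padding, UINT64 PhysicalStart,
# UINT64 VirtualStart, UINT64 NumberOfPages, UINT64 Attribute (40 bytes).
DESC_FMT = "<I4xQQQQ"
EFI_BOOT_SERVICES_CODE = 3
EFI_BOOT_SERVICES_DATA = 4
EFI_RUNTIME_SERVICES_CODE = 5
EFI_RUNTIME_SERVICES_DATA = 6
EFI_CONVENTIONAL_MEMORY = 7
EFI_MEMORY_RUNTIME = 1 << 63

def parse_memory_map(blob: bytes, descriptor_size: int = 40) -> list[dict]:
    """Split a raw GetMemoryMap() buffer into descriptor dicts.
    descriptor_size is whatever the firmware reported; it may be larger
    than the packed struct, so we step by it rather than by 40."""
    out = []
    for off in range(0, len(blob) - descriptor_size + 1, descriptor_size):
        t, phys, _virt, pages, attr = struct.unpack_from(DESC_FMT, blob, off)
        out.append({"type": t, "start": phys, "pages": pages, "attr": attr})
    return out

def inconsistent_descriptors(descs: list[dict]) -> list[dict]:
    """Return entries whose Type and RUNTIME attribute disagree: boot-services
    memory claiming to survive ExitBootServices, or runtime-services memory
    that does not carry the RUNTIME attribute it should have."""
    boot = (EFI_BOOT_SERVICES_CODE, EFI_BOOT_SERVICES_DATA)
    runtime = (EFI_RUNTIME_SERVICES_CODE, EFI_RUNTIME_SERVICES_DATA)
    bad = []
    for d in descs:
        has_rt = bool(d["attr"] & EFI_MEMORY_RUNTIME)
        if (d["type"] in boot and has_rt) or (d["type"] in runtime and not has_rt):
            bad.append(d)
    return bad

def make_desc(t: int, start: int, pages: int, attr: int) -> bytes:
    return struct.pack(DESC_FMT, t, start, 0, pages, attr)

# Constructed sample map (hypothetical addresses): three ordinary entries and
# one block whose Type was rewritten to runtime-services data while its
# attributes still say "boot-only", the kind of mismatch worth investigating.
SAMPLE_MAP = b"".join([
    make_desc(EFI_BOOT_SERVICES_CODE, 0x1000, 16, 0xF),
    make_desc(EFI_RUNTIME_SERVICES_CODE, 0x7F000000, 64, 0xF | EFI_MEMORY_RUNTIME),
    make_desc(EFI_CONVENTIONAL_MEMORY, 0x100000, 1024, 0xF),
    make_desc(EFI_RUNTIME_SERVICES_DATA, 0x7E000000, 32, 0xF),
])

if __name__ == "__main__":
    for d in inconsistent_descriptors(parse_memory_map(SAMPLE_MAP)):
        print(f"type={d['type']} start={d['start']:#x} pages={d['pages']} attr={d['attr']:#x}")
```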
Phishing via scientific lures – Why phishing is still here and why training is failing
This presentation was a deep dive into statistical analysis on the types of phishing messages and techniques used to trick end-users into interaction, and how this reflected modern campaigns and mitigation techniques. The first question addressed was whether phishing training was effective, with the overwhelming result being no. The only positive results were achieved in lab settings; in real-world deployments, there was no improvement, with some techniques having a detrimental effect (how that is possible is questionable).
To address this, the researchers wanted to apply the scientific method to solve the problem by identifying the most successful techniques, the points of failure in training and the gaps in security systems. Two of their primary findings were that specific techniques, such as contacting users with subjects about PTO rejection, increased interaction to 33%, and that the more time and attempts spent targeting an individual, the more the interaction rate increased, until it was almost 100% for all users.
Additionally, phishing training made a negligible difference, with only a 1.7% decrease in the probability of interaction regardless of the type of training used. Structured training, however, had the most irrelevant results. One corresponding observation is that most trainees spend less than one minute on training per session, with a sizable percentage spending less than one second.
With the rise of AI, this rate of interaction is only getting worse, with researchers concluding that training cannot be universally applied to each campaign's methods and formats. As such, disruptive technologies are deemed far more effective than additional training, which is considered and measured as ineffective.

Lost in translation – Unicode exploits
This was an extensive look at the different methods by which Unicode can be manipulated to cause unintended actions through an understanding of the underlying interpreter's limitations. Mainly focused at the XSS exploit level, this excellent talk covered the risks associated with older Unicode methods, which allow things like extended code lengths, as well as more advanced things such as collation figures/values. Byte truncation based on endianness is another concern the talk focused on; in each case, understanding how the underlying system interprets the input is fundamental, but a rudimentary task for offensive operators.
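The "extended code length" risk the talk mentions comes down to a decoder accepting overlong UTF-8 sequences, so a byte-level filter and a lenient decoder disagree about what the input contains. The following is an added example, not code from the talk: a minimal UTF-8 decoder with a strict mode (RFC 3629 shortest-form rule) and a lenient mode that mimics an older decoder, beside a naive filter that inspects raw bytes and its hardened counterpart that decodes strictly first. The payload is constructed for the demonstration.

```python
def decode_utf8(data: bytes, strict: bool = True) -> str:
    """Minimal UTF-8 decoder. strict=True enforces RFC 3629 (shortest form
    only, no surrogates, nothing above U+10FFFF). strict=False mimics an
    older, lenient decoder that accepts overlong sequences."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            cp, n = b, 1
        elif 0xC0 <= b < 0xE0:
            cp, n = b & 0x1F, 2
        elif 0xE0 <= b < 0xF0:
            cp, n = b & 0x0F, 3
        elif 0xF0 <= b < 0xF8:
            cp, n = b & 0x07, 4
        else:
            raise ValueError(f"invalid lead byte {b:#x} at offset {i}")
        if i + n > len(data):
            raise ValueError("truncated sequence")
        for c in data[i + 1:i + n]:
            if c & 0xC0 != 0x80:
                raise ValueError("bad continuation byte")
            cp = (cp << 6) | (c & 0x3F)
        if strict:
            # Smallest code point each sequence length is allowed to carry.
            if cp < (0, 0x80, 0x800, 0x10000)[n - 1]:
                raise ValueError(f"overlong encoding of U+{cp:04X}")
            if 0xD800 <= cp <= 0xDFFF or cp > 0x10FFFF:
                raise ValueError(f"invalid code point U+{cp:04X}")
        out.append(chr(cp))
        i += n
    return "".join(out)

def raw_byte_filter(data: bytes) -> bool:
    """Naive check: looks for '<' in the bytes before any decoding."""
    return b"<" in data

def decode_then_filter(data: bytes) -> bool:
    """Hardened order: strict-decode first, then inspect characters.
    Input that does not decode is rejected rather than passed through."""
    try:
        return "<" in decode_utf8(data, strict=True)
    except ValueError:
        return True

# Constructed payload: '<' (U+003C) in an overlong two-byte form.
OVERLONG_LT = b"\xc0\xbc"
```

The byte filter sees no `<` in `OVERLONG_LT`, yet a lenient decoder turns it into exactly that character; decoding strictly before filtering closes the gap.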
Anomaly detection of command line entry space
This was one of the many AI-focused talks, this one centred on filtering EDR telemetry based on CLI entry patterns run against a model. As it was AI-focused, it provided a large amount of information on the test set's scope and variations as well as the model's patterning capabilities. The high-level material revealed this was highly effective in relation to patterns such as known keywords, malicious patterns, command length, use of abnormal characters, etc., but that limitations were encountered when input was tailored around such detection capabilities.
The presenter explained how this would be addressed via model alterations; however, that quickly became AI-engineering focused. This is another demonstration of how AI is being applied to existing and mature technologies for effective real-time behaviour detection. As this is something most vendors are employing to some degree, this was the first talk which addressed a SOC/TH active threat concern for hands-on-keyboard attack monitoring. Although the model is only as accurate as the data it is fed, one of the key takeaways here is that they wanted to train the model on an estate's contextually unique CLI behaviour to make it more accurate rather than using a generic model.
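To make the features the talk lists concrete, and the point about fitting to an estate's own CLI behaviour rather than a generic model, here is an added example that is not the presenter's model or code: a baseline is fitted to a handful of constructed benign command lines, and new commands are scored by how far their length, abnormal-character share and character entropy sit above local norms, plus a fixed weight per known-keyword hit. The keyword list, allowed punctuation set, weights and threshold are assumptions for the demonstration.

```python
import math
import statistics

# Substrings standing in for the "known keywords" feature; extend per estate.
KEYWORDS = ("-enc", "frombase64", "downloadstring", "invoke-expression",
            "-w hidden", "bypass")
ALLOWED_PUNCT = set(" -./\\:_")

def features(cmd: str) -> dict:
    """Length, share of abnormal characters, character entropy and keyword
    hits: the kinds of signal the talk describes the model using."""
    n = max(len(cmd), 1)
    abnormal = sum(1 for c in cmd if not (c.isalnum() or c in ALLOWED_PUNCT))
    counts = {c: cmd.count(c) for c in set(cmd)}
    entropy = -sum(k / n * math.log2(k / n) for k in counts.values())
    low = cmd.lower()
    return {"length": len(cmd), "abnormal": abnormal / n, "entropy": entropy,
            "keywords": sum(k in low for k in KEYWORDS)}

class EstateBaseline:
    """Baseline fitted to one estate's own benign command lines, so a command
    is judged against local norms rather than a generic model."""
    NUMERIC = ("length", "abnormal", "entropy")

    def __init__(self, benign: list[str]):
        rows = [features(c) for c in benign]
        # Floor the spread at 0.05 so a feature that never varies in the
        # benign set cannot produce an infinite z-score later.
        self.stats = {k: (statistics.mean(r[k] for r in rows),
                          max(statistics.pstdev(r[k] for r in rows), 0.05))
                      for k in self.NUMERIC}

    def score(self, cmd: str) -> float:
        f = features(cmd)
        # One-sided z-scores: only "more than usual" counts as anomalous.
        z = sum(max(0.0, (f[k] - m) / s) for k, (m, s) in self.stats.items())
        return z + 2.0 * f["keywords"]   # each keyword hit weighs like 2 sigma

    def anomalies(self, cmds: list[str], threshold: float = 4.0) -> list[str]:
        return [c for c in cmds if self.score(c) >= threshold]

# Constructed sample telemetry, not real EDR data.
BENIGN = ["ipconfig /all", "net use Z: \\\\fileserver\\share", "ping 10.0.0.1 -n 2",
          "dir C:\\Users\\alice\\Documents", "taskkill /im notepad.exe", "systeminfo"]
NEW = ["net use Y: \\\\fileserver\\backup",
       "powershell -nop -w hidden -enc QwBvAG4AcwB0AHIAdQBjAHQAZQBkAA=="]

if __name__ == "__main__":
    base = EstateBaseline(BENIGN)
    for c in NEW:
        print(f"{base.score(c):6.2f}  {c}")
```

Retraining on a different estate's benign set shifts the baseline, which is exactly why a generic model scores the same command differently from a locally fitted one.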