On the ground at Black Hat and DEFCON 2025
Highlights from the annual Las Vegas Hacker Summer Camp
The annual Las Vegas hacking convention circuit, or ‘Summer Camp’ as it has become known, was once again at the forefront of cybersecurity initiatives from both defensive and offensive perspectives. First up this year was Black Hat USA, which incorporated a great blend of industry and expert content in a corporate and connection-focused environment. DEFCON, in contrast, concentrated on more niche technical material from across the hacker community, focusing on its customary informal approach.
Across the two events, attendees were offered invaluable industry-focused insight and networking opportunities, operational and functional development opportunities and almost endless scope for relationship building across all areas of the security industry.
Unsurprisingly, there was a major shared focus on LLM/AI integration and vulnerabilities. Behind these headline topics, however, were a diverse and important range of issues, including firmware-based exploits, siloscaping, and critical assessments of standard security offerings, each of which contributed to moving the industry forwards.

At Black Hat, a large expo floor was populated by the major vendors, including Zscaler, Microsoft, Google, CrowdStrike, Snyk, ThreatLocker and many more. Expert briefings ranged from high-level threat trend analyses to detailed examinations of offensive capabilities and defensive gaps, while the many networking opportunities were central to the overall energy evident across the three days.
Mikko Hypponen, outgoing Chief Research Officer at WithSecure, delivered a keynote tracing cybersecurity’s evolution from its hobbyist origins to a multi-billion-dollar global industry. His closing message was that while the next disruptive technology will be impossible to predict, the industry is now better equipped than ever to limit its impact.
.jpg)
Elsewhere, discussions covered a whole host of topics, from patch failures and their contribution to years of exploitability, organised crime’s use of AdTech and the ShadeBios UEFI malware, to the persistent ineffectiveness of phishing training, Unicode exploitation techniques, and AI-based anomaly detection of command line patterns.
There was, of course, so much more on offer. For a deeper dive into the key sessions, announcements, and insights that really stood out this year, click here.
DEFCON 2025 - “Access Everywhere”
DEFCON is the world’s largest hacker convention, and once again delivered on its reputation for disruptive findings and community engagement. Unlike Black Hat’s expo format, DEFCON offered “villages” dedicated to specific skills and interests, each providing hands-on opportunities to learn and collaborate, and drawing a diverse mix of veteran hackers, researchers, and newcomers.
One of the most noticeable shifts this year was in audience demand. While deeply technical presentations still dominated the programme, talks exploring real-world DFIR and red team operations, particularly those sharing success-and-failure stories, drew unprecedented interest. This shift reflects DEFCON’s evolving demographic, with a marked increase in attendees from administrative, management, and executive roles, bringing a broader set of perspectives into the traditionally hacker-focused environment.
Much like Black Hat, DEFCON was a showcase for the growing convergence of technical innovation and strategic risk. This included sessions on exploiting Machine Check Exceptions for cross-ring privilege escalation, bypassing SecureBoot with novel UEFI persistence techniques, and compromising ControlVault hardware helped demonstrate how firmware-level exploitation is becoming more accessible beyond APT actors.
In parallel, demonstrations on Synology NAS vulnerabilities, rapid malware analysis for macOS, and flaws in ZTPN architecture highlighted the continued fragility of widely deployed systems and the persistent gaps between marketed security claims and operational reality.
Beyond the scheduled events, DEFCON’s informal, community-driven atmosphere encourages a free flow of ideas between specialists in hardware, firmware, software, and policy. It certainly delivered on its theme of “Access Everywhere”.
Interested in more insights from DEFCON 2025? Click here for our deeper dive.
