As mobile applications and APIs become the backbone of modern digital ecosystems, attackers are constantly seeking faster and smarter ways to exploit them. At the same time, Large Language Models (LLMs) are reshaping how we approach security testing. But can AI truly hack?In this session, we’ll explore how LLMs can be leveraged to accelerate and augment mobile and API penetration testing. We’ll demonstrate real-world use cases where AI assists with tasks like reconnaissance, fuzzing, reverse engineering, and exploit generation — and highlight where it shines versus where it fails. Through real world examples and lessons learned, we’ll cut through the hype to show how security professionals can practically integrate LLMs into their offensive workflows.Whether you’re a red teamer, security researcher, or just curious about AI in offensive security, this talk will give you actionable insights, practical techniques, and a glimpse into the future of AI-powered pentesting.

SENSE (Shadow Exposure & eNterprise Surveillance for AI) is an open-source cybersecurity tool designed to detect and monitor unauthorized or "shadow" AI instances in enterprise environments. As organizations increasingly adopt AI technologies, unapproved AI services—such as external API calls to platforms like OpenAI or Hugging Face, or local model execution—pose significant security and compliance risks. SENSE addresses this emerging threat by analyzing network traffic and endpoint processes to identify AI-related activities, providing enterprises with critical visibility into shadow AI usage.

This presentation outlines why detection must evolve as AI reshapes cyber attacks. Chad Scrupps explains how preemptive security changes attacker behavior using realistic Decoys and Honeytokens that trigger on malicious intent. The session highlights major threat vectors, including credential theft, insider compromise, and AI driven fraud campaigns. It covers how structured deception creates high-signal monitoring points near critical assets across Acalvio Technologies environments such as cloud, endpoints, OT networks, and directory services.

What happens when AI agents go to war? In this live demonstration, fully autonomous red team agents will attack a simulated enterprise environment while blue team agents defend, detect, and respond - all with minimal human intervention. You'll watch the future of offensive and defensive security unfold in real time as agents adapt, coordinate, and execute strategies that emerge during the battle itself.

In this Black Hat Files episode, we explore what it takes to secure mental health platforms where the data is deeply personal, and the stakes are high.

Forget hierarchy, the most effective defenders are those who lead from wherever they stand. In this talk, Bernard Assaf explains how every cybersecurity professional can shape culture, influence peers, and build trust across teams. Learn the small leadership habits that create lasting impact - starting from day one of your career

Global gaming platforms run on thousands of dependencies and partners. Xbox and Riot leaders dig into where attackers slip in - and how to stop them.

This session explores how advanced AI enhances network detection and response when combined with rich, high-fidelity network evidence. Basil Shahin explains how Corelight’s open NDR approach delivers deep visibility, strengthens threat investigations, and improves detection accuracy. The talk highlights practical use cases where AI and structured network data work together to reveal hidden activity and accelerate analyst workflows.

Exploring how AI tools are being used to revolutionise fraud detection and prevention by detecting anomalies, predicting threats, and automating responses.

A deep dive into the unseen vulnerabilities of today’s entertainment ecosystem - from on-set systems and cloud-based editing suites to global content delivery networks. The session explores where cyber risk hides in the production-to-distribution workflow and how a single breach can leak multimillion-dollar assets before release. Expect real-world examples of ransomware, supply-chain compromises, and credential abuse in creative environments, along with strategies to harden workflows without slowing production.

Tired of Googling persistent XSS and being swamped with Stored XSS write-ups? Lets take a dive into what persistent XSS really means and how modern browsers try to prevent us from achieving it.Modern web applications have outpaced traditional Cross-Site Scripting (XSS) techniques like stored XSS and iFrame traps, which falter against page navigation, X-Frame-Options headers, Content Security Policy, and EDR/AV detection. This hands-on bootcamp explores why true persistent XSS is a complex challenge and introduces BRAT (Browser Remote Access Tool), a new open-source framework built to address these modern barriers.We dive into the persistence problem, examining why simple framing no longer suffices in today’s browsers. Legacy tools like BeEF, while pioneering, rely on methods less effective against current browser standards and APIs. BRAT builds on BeEF’s persistence foundation but integrates modern technologies, such as advanced DOM manipulation and lightweight payloads, to ensure stability and bypass defenses. BRAT also introduces unique attacks, like live remote view, for real-time monitoring of infected web applications.This session analyses legacy tool limitations and showcases BRAT’s Command-and-Control functionality for red/purple team engagements. A live demo on a simulated banking app will highlight BRAT’s innovative features, including its remote-view capability, and demonstrate its real-world impact. Attendees will understand why persistence remains a tough problem, how BRAT redefines XSS exploitation, and why older approaches fall short, gaining a modern mental model for advanced attacks. Join us to rethink XSS and build on the legacy of tools like BeEF.

Infostealer malware is built to collect and dump anything useful from a device. This includes saved browser credentials, autofill data, session cookies, API tokens, wallet addresses, and app-specific passwords. Once collected, these logs are uploaded to Telegram bots, marketplaces, or leak sites.The research walks through how these logs are typically structured and what credentials they contain. Examples include login details for GitHub, Slack, AWS, Gmail, Notion, Discord, Office 365, database dashboards, and internal dev tools. Logs often include SSH private keys, JWT tokens, and webhook URLs. In many cases, cookies allow attackers to access services without even needing passwords.By analyzing some incidents using OSINT methods, the research maps the lifecycle of credential stealers. It covers the path from infection, to log exposure, to potential misuse. The examples are based on public stealer log collections and show how much sensitive access data ends up in the open. + Working and defense from common infostealers like Raccoon, Redline, and LummaC2.

The path to becoming a CISO isn’t linear - it’s shaped by key choices, defining chapters, and hard lessons. This session breaks down how skills, mindset, and pivotal career decisions come together to turn practitioners into impactful security leaders.

This session examines how organisations assess cyber risk and where those assessments break down. Ameer Khan explains the gap between perceived risk and measurable exposure, highlighting common errors in scoring, asset valuation, and threat modelling. The talk outlines practical methods to ground risk decisions in real data and improve accuracy across security planning and operations.

For the blurb: As Saudi Arabia accelerates into its role as a global digital leader, the Kingdom’s reliance on strong, future-ready cryptography has never mattered more. In this session, Prasanth Prasad, CTO spire solutions, charts how the National Cryptography Standards (NCS) provide the foundation for securing today’s infrastructure while preparing for quantum-era disruptions already on the horizon.The talk cuts through abstraction and focuses on what organizations can do right now: automatically discover their true cryptographic footprint, eliminate weak or outdated implementations, secure high-exposure north–south traffic, and begin adopting quantum-resilient mechanisms such as QRNG and hybrid cryptography.Attendees leave with a clear, actionable roadmap, from inventory to prioritization to crypto agility, ensuring their environments, and the Kingdom, are ready for the transition from classical to quantum-safe security.

A strategic conversation on building cross-national alliances to tackle threats that don’t respect borders.

Modern attackers bypass traditional defenses,making deep network visibility essential. This session will demonstrate using Netwitnesshow security teams can identify anomalies, tracklateral movement, and conduct advanced networkforensics to stay ahead of cyber threats.

Critical infrastructure is no longer a fortress, it’s a moving target. In this session, we dissect the anatomy of modern cyber threats against rail systems and explore how AI governance, zero trust, and operational resilience converge to protect the backbone of mobility. Expect sharp insights, real-world attack scenarios, and a blueprint for defending what moves nations.

Despite decades of security maturity, organizations still fall to the same old flaws. As AI accelerates discovery, exploitation, and deception, the challenge isn’t just in finding vulnerabilities but proving we’ve truly closed the old vulnerabilities and can rapidly respond to the new ones. This talk explores how to break the cycle and build confidence in security at scale.

This session examines the risks created by third-party vendors and service providers. Malak Aldakheel and Abdullah Alqahtani outline the gaps that appear when organisations rely on external partners for critical operations. The talk covers weaknesses in access control, data handling, monitoring, and contractual oversight. It also highlights practical steps to assess vendor security posture and reduce exposure across the supply chain.

The session will talk about the latest advances in AI & Cybersecurity, specifically for SOC Detection Engineering.We will start by introducing some concepts about AI, Machine Learning & Data Science.And then we will walk our way through:1. How to apply machine learning models in SIEM for Threat Detection and even Threat Hunting2. Then we will move towards Language Models, we will start with Masked Language Models (MLMs) and then move towards Large Language Models (LLMs (a surprising results is that MLMs are currently better than LLMs because they are more cost efficient and take microseconds to run so they can enrich thousands of events per second unlike LLMs)3. And finally we will mention how LLMs can be used to automate some SOC functions and some investigation playbooks