Road to Black Hat London 2025: The Trends and Talks on My Radar
Hello folks, and welcome to the first post on the freshly updated blog layout!
We hope the new design offers a smoother, more engaging experience.
How are you liking it so far?
Feel free to drop a comment below (you can do that now hehe), not just to tell us your thoughts on the new look, but also to say hello and dive into the discussion.
From December 8th to December 11th, I’ll be in London, soaking up the latest research and connecting with some of the brightest minds in the industry.
It still feels surreal, but the last thing I intend to do is arrive unprepared. So, let’s take a deep dive into what this year’s Black Hat Europe has to offer and map out the critical sessions we absolutely cannot miss!
Black Hat Structure
But wait, what am I actually doing there?
Before I dive into my hit list, let’s clarify the playing ground.
Briefings
The main event. These are the technical "talks" where researchers drop 0-days, new attack vectors, or architectural breakdowns. No sales pitches allowed, just pure research.
Arsenal
This is where my GitHub stars usually come from. Developers showcase their open-source tools live. You can walk up to the dev, see the tool in a terminal, and ask: "Why did you write this in Rust?" It’s interactive and deeply technical.
Trainings
Multi-day, deep-dive hands-on courses that happen before the main briefings. Think "Advanced Windows Kernel Exploitation" for 4 days straight.
My curated picks for 2025
The Black Hat schedule is dense, but after filtering through the noise, I have narrowed it down to the sessions that offer genuine technical value or novel attack vectors.
This is not the full agenda; this is my personal hitlist of research that aligns with the projects I am currently working on, specifically hardening, web exploitation, and infrastructure attacks.
1. Enterprise & Cloud Exploitation
SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies
Wednesday, Dec 10 | 04:20pm | Piotr Bazydlo
This looks like the most critical technical talk of the week for enterprise environments. The researcher will cover a fundamental flaw in .NET Framework HTTP client proxies, demonstrating how to abuse WSDL files to achieve Arbitrary File Write and eventual Remote Code Execution.
My Take: Given the prevalence of legacy .NET in corporate environments you read about every other day, this is immediate fuel for future engagements. I want to understand .NET better and see how it's still in use, even at the big corporate level.
One Entry Point to Thousands of Phones: China-Nexus APT Exploiting Ivanti
Wednesday, Dec 10 | 11:20am | Arda Büyükkaya
A deep dive into a specific APT campaign where attackers chained CVE-2025-4427 and CVE-2025-4428 (Java Expression Language injection) to hit Ivanti EPMM servers.
My Take: I am interested in the "pivot." The description mentions moving from the mobile appliance directly into Entra ID cloud environments. Understanding that specific lateral movement path would be so cool.
Fifty Dollars To Root The Cloud
Wednesday, Dec 10 | 10:20am | Jesse De Meulemeester et al.
Confidential Computing is supposed to be the holy grail of cloud security. This research from KU Leuven demonstrates low-cost memory interposer attacks that challenge that assumption.
My Take: We often rely on provider assertions regarding hardware security. Seeing a practical, low-cost hardware attack against cloud infrastructure helps ground those assumptions in reality.
2. Hardening, OS Internals & Defense
Silence On macOS: What 70K Binaries Reveal About The macOS Malware Ecosystem
Wednesday, Dec 10 | 03:20pm | Obinna Igbe & Godwin Attigah
The speakers have analyzed nearly 50,000 malicious binaries to map out the ecosystem. They will present findings on how 96% of macOS malware remains unsigned or uses revoked certificates to bypass Gatekeeper.
My Take: Since I have been spending many hours writing a custom macOS hardening tool, this is mandatory viewing. I specifically want to see their data on Gatekeeper bypasses to ensure my hardening rules actually mitigate these real-world techniques.
Unsafe Code Detection Benchmark: Stress-Testing SAST And LLMs
Thursday, Dec 11 | 01:30pm | Andrew Konstantinov
A benchmark comparing traditional Static Application Security Testing (SAST) against Large Language Models in detecting backend vulnerabilities.
My Take: Everyone is pushing AI into the dev pipeline. I want to see hard data on whether LLMs are actually catching complex logic bugs or just hallucinating vulnerabilities.
The Black Hat Europe Network Operations Center (NOC) Report
Thursday, Dec 11 | 03:20pm | Neil Wyler & Bart Stump
The NOC team shares statistics and stories from the conference network, detailing the tools and techniques used to secure a hostile network environment.
My Take: A Black Hat tradition. It is usually a mix of terrifying data and humor regarding how security professionals behave on open WiFi, but the architectural insights on how they stabilize the network are always useful.
3. Hardware, IoT & Physical Systems
Project Brainfog: Hacking Smart Cities One Building At A Time
Wednesday, Dec 10 | 01:30pm | Gjoko Krstic
Zero Science Lab is disclosing over 800 vulnerabilities in Building Automation Systems (AspectFT). These systems run Linux and Java and control infrastructure in over 220 cities.
My Take: "800 vulnerabilities" implies a complete failure of the software development lifecycle. I want to see the backdoors and debugging functionalities they found; it sounds like a masterclass in how not to design embedded systems.
Don't Judge An Audiobook By Its Cover: Taking Over Your Amazon Account With A Kindle
Thursday, Dec 11 | 02:30pm | Valentino Ricotta
The researchers found a vulnerability in the parsing of Audible audiobooks on the Kindle, taking over the Amazon account...
My Take: Fuzzing proprietary file formats is an art form. Seeing how they turned a parsing error into full account takeover is exactly the kind of creative exploit chain I enjoy learning about.
Ghosts in the Stream: Exposing Lives and Devices Behind Encrypted Doors
Wednesday, Dec 10 | 02:30pm | Kristopher Schlett
A look at the privacy flaws in the new Matter IoT standard. Even with encryption, traffic pattern analysis allows for fingerprinting specific devices and user behaviors.
My Take: Matter is becoming the universal standard. If the protocol design itself leaks metadata, that is a long-term problem we will be dealing with for years.
4. Strategy & Keynotes
Inside the Ransomware Machine
Wednesday, Dec 10 | 09:00am | Max Smeets
Max Smeets from ETH Zurich opens the event by dissecting the ransomware economy and how it is adapting to modern defenses.
My Take: I am looking for the economic angle here. Understanding the business model of the adversary helps in predicting their next moves better than just analyzing their malware.
From Script Kiddie to Cyber Kingpin
Thursday, Dec 11 | 09:00am | Joe Tidy
BBC Cyber Correspondent Joe Tidy looks at the sociology of cybercrime, specifically the Vastaamo hack.
My Take: Technical skills are one thing, but understanding the psychological progression from teenage hacking culture to organized crime provides necessary context for threat intelligence.
Regarding the 8th and 9th? I don't know what awaits me there yet. Once I know, I'll let you know if I can hihi, I'm so frcking excited.
See You in London?
This is more than just an attendance list; it’s an operational blueprint for maximizing my learning next month.
I’m heading to London focused on bringing back cutting-edge techniques and knowledge.
If you are also attending Black Hat Europe, whether you are presenting at Arsenal or just deep in the Briefings, please reach out!
I’d love to connect, discuss the latest research, or just talk shop over coffee.
Let me know in the comments below which sessions you think I absolutely must add to this agenda, or, better yet, tell me which vulnerabilities you are hoping to see disclosed this year.