Monthly Archives: March 2025

What We’re Watching at Black Hat Asia 2025 (And Where to Find Dradis)

Leave a reply

We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.

Catch us here:

🧪 Dradis @ Black Hat Arsenal  
Business Hall – Arsenal Station 3
📅 April 3, 10:05am-11:20am

Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.

📍 See our Arsenal session

When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.

🔐 Briefings We’re Watching

🚗 DriveThru Car Hacking: Fast Food, Faster Data Breach

Speakers: Alina Tan, George Chen, et al
Tracks: Privacy, Network Security
A real-world case study of how a popular drive-thru system was compromised—leading to credential theft, data exfiltration, and a full system takeover. (Search the schedule page for the talk title)

Link: https://www.blackhat.com/asia-25/briefings/schedule/#drivethru-car-hacking-fast-food-faster-data-breach-43514

🧠 Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots

Speaker: Allyn Stott
Tracks: AI, Threat Hunting
Learn how to detect and respond to attacks on GenAI chatbots, including jailbreaks, prompt leaks, and advanced threat scenarios targeting language model behaviors.

Link: https://www.blackhat.com/asia-25/briefings/schedule/#tinker-tailor-llm-spy-investigate–respond-to-attacks-on-genai-chatbots-44556

☁️ The Illusion of Isolation: How Isolation Failures in CI/CD Servers Lead to RCE

Speakers: Tian Zhou, Yiwen Wang
Tracks: Enterprise Security, Application Security
Demonstrates real-world RCE attacks exploiting shared resources in CI/CD environments. Focuses on sandbox bypasses, namespace collisions, and cross-tenant abuse.

Link: https://www.blackhat.com/asia-25/briefings/schedule/#the-illusion-of-isolation-how-isolation-failures-in-cicd-servers-lead-to-rce-and-privacy-risks-43618

🚀 Unveiling the Mysteries of Qualcomm’s QDSP6 JTAG: A Journey into Advanced Theoretical Reverse Engineering

Speaker: Alisa Esage
Track: Reverse Engineering
An advanced reverse engineering walkthrough using QDSP6 JTAG on Qualcomm SoCs. Details undocumented memory regions, interface access, and mobile firmware analysis.

Link: https://www.blackhat.com/asia-25/briefings/schedule/#unveiling-the-mysteries-of-qualcomms-qdsp-jtag-a-journey-into-advanced-theoretical-reverse-engineering-44550

📱 Watch Your Phone: USB-Based File Access Attacks Against Mobile Devices

Speakers: Florian Draschbacher, Lukas Maar
Tracks: Mobile, Exploit Dev
A look at how attackers can access sensitive data on Android phones simply by connecting over USB—even when locked. Includes analysis of newly discovered file access vectors.

Link: https://www.blackhat.com/asia-25/briefings/schedule/#watch-your-phone-novel-usb-based-file-access-attacks-against-mobile-devices-43262

🔥 One Bug to Rule Them All: Preauth RCE on Windows Server 2025

Speakers: Zhiniang Peng, Lewis Lee
Tracks: Exploit Dev, Platform Security
Explores a novel pre-auth remote code execution vulnerability affecting Windows Server 2025, with a reliable exploitation chain and working proof of concept.

Link: https://www.blackhat.com/asia-25/briefings/schedule/#one-bug-to-rule-them-all-stably-exploiting-a-preauth-rce-vulnerability-on-windows-server–44144

🎓 Trainings Worth Highlighting

🧬 A Complete Practical Approach to Malware Analysis and Threat Hunting Using Memory Forensics (Online)

Trainers: Monnappa K A & Sajan Shetty
Great for anyone bridging DFIR and reverse engineering in incident response.

Link: https://www.blackhat.com/asia-25/training/schedule/index.html#a-complete-practical-approach-to-malware-analysis-and-threat-hunting-using-memory-forensics—-edition-online–42806

🔐 Advanced Infrastructure Hacking

Trainer: NotSoSecure / Tiago Carvalho
Packed with practical labs for seasoned pentesters focusing on modern networks.

Link: https://www.blackhat.com/asia-25/training/schedule/index.html#advanced-infrastructure-hacking–42864

🤖 AI Red Teaming in Practice

Trainers: Gary Lopez, Dr. Amanda Minnich (Microsoft AI Red Team)
Learn how real AI systems get attacked—and how Microsoft red teams fight back.

Link: https://www.blackhat.com/asia-25/training/schedule/index.html#ai-red-teaming-in-practice–43046

🧑‍💼 From the Executive Summit

🧠 Accelerating ML SecOps: Breaking Barriers, Fueling Innovation

Speaker: Andrew Chen
The opening keynote for the AI Summit—and a great signal on where the field is heading.

Link: https://www.blackhat.com/asia-25/summit-sessions/schedule/index.html#opening-keynote–accelerating-ml-secops-breaking-barriers-fueling-innovation-44566

💸 The War Against State Actors: Bleeding Edge Techniques Targeting Financial Services

Speaker: Vivek Ramachandran
If you’re defending high-value financial infrastructure, don’t miss this.

Link: https://www.blackhat.com/asia-25/summit-sessions/schedule/index.html#the-war-against-state-actors-bleeding-edge-techniques-targeting-financial-services-44898

🤖 LLM Firewalls: Are They the Future of AI Security?

Speakers: Matthias Chin, Xiaojun Jia
Fireside chat on securing AI models with perimeter-style defenses—what works, what’s hype?

Link: https://www.blackhat.com/asia-25/summit-sessions/schedule/index.html#fireside-chat–llm-firewalls-are-they-the-future-of-ai-security-44576

👋 Come say ‘Hi’

If your team is tired of copying and pasting findings, fighting with Word templates, or working in silos—come see how Dradis makes reporting and collaboration painless.

📍 Dradis @ Arsenal
📅 March 27, 15:30–17:50 SGT
🔗 Event link