BLACK HAT 2026 ASIA
Thursday | 8:00am
Briefings Coffee & Tea Break
Location: Orchid Main Ballroom
Thursday | 9:15am
Keynote: Privacy is the Captain. Security is the Practice.
Speaker: Violet Blue
Track: Keynote
Format: 60-Minute Keynote
Location: Roselle Junior Ballroom 4610/4710
Keynote Overflow Room
Track: Keynote
Format: 60-Minute Keynote
Location: Simpor Junior Ballroom 4812/4813
Thursday | 10:20am
AirSnitch: Breaking Client Isolation in Wi-Fi Networks
Speaker: Mathy Vanhoef, Speaker: Zhiyun Qian, Contributor: Xin'an Zhou, Contributor: Juefei Pu, Contributor: Zhutian Liu, Contributor: Zhaowei Tan, Contributor: Srikanth Krishnamurthy
Tracks: Network Security, Cryptography
Format: 40-Minute Briefings
Location: Roselle Junior Ballroom 4610/4710
TORCHLIGHT: Shedding LIGHT on Real-World Attacks on Cloudless IoT Devices Concealed within the Tor Network
Speaker: Yumingzhi Pan, Contributor: Zhen Ling, Contributor: Yue Zhang, Contributor: Hongze Wang, Contributor: Guangchi Liu, Contributor: Junzhou Luo
Tracks: Cyber-Physical Systems & IoT, Threat Hunting & Incident Response
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4810
VsyncBreaker: Subverting Screen Trust via State Disruption and ONE-WAY Flooding
Speaker: WeiMin Cheng, Contributor: Zhihan Lin, Contributor: Sheng Cao, Contributor: Songzhou Shi
Tracks: Mobile, Platform Security
Format: 40-Minute Briefings
Location: Orchid Junior Ballroom 4311/4312
Your Number Is Up: When 3.5 Billion Strangers Can Exploit Your WhatsApp Devices
Speaker: Tal Be'ery
Tracks: Privacy, Cryptography
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4812/4813
Thursday | 11:00am
Briefings Refreshment Break
Location: Orchid Main Ballroom
Thursday | 11:20am
AlgoBuster: Systematic Algorithmic Brute-Force Attacks Against UDS Security Access in Automotive ECUs
Speaker: Jianwen Ren, Speaker: Jianchi Jiang, Contributor: Su Shengfeng, Contributor: Lin Zengda, Contributor: Chen Guannan
Tracks: Hardware / Embedded, Cyber-Physical Systems & IoT
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4810
Bad Vibes - Pwning Coding Agents 70 Times With The Same Bugs
Speaker: Philip Tsukerman, Speaker: Nil Ashkenazi, Contributor: Alon Zahavi
Tracks: AI, ML, & Data Science, Exploit Development & Vulnerability Discovery
Format: 40-Minute Briefings
Location: Roselle Junior Ballroom 4610/4710
Breaking Hybrid Boundaries Across Azure and Windows
Speaker: Ilan Kalendarov, Speaker: Ben Zamir
Tracks: Cloud Security, Enterprise Security
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4812/4813
Practical Attacks Against Smartphone Boot ROMs
Speaker: Christopher Wade
Tracks: Mobile, Hardware / Embedded
Format: 40-Minute Briefings
Location: Orchid Junior Ballroom 4311/4312
Thursday | 12:00pm
Briefings Lunch
Location: Orchid Main Ballroom
Thursday | 1:30pm
Cast Attack: A New Threat Posed by Ghost Bits in Java
Speaker: Xinyu Bai, Speaker: Zhihui Chen, Contributor: Zongzheng Zheng
Tracks: Application Security: Offense, Exploit Development & Vulnerability Discovery
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4812/4813
Exploiting BLE Re-Pairing with the BLERP Attacks
Speaker: Tommaso Sacchetti, Speaker: Daniele Antonioli
Tracks: Mobile, Cyber-Physical Systems & IoT
Format: 40-Minute Briefings
Location: Orchid Junior Ballroom 4311/4312
ShadowMQ: Exploiting Message Queue Flaws in AI Inference Servers for Widespread RCE
Speaker: Avi Lumelsky, Contributor: Uri Katz, Contributor: Gal Elbaz
Tracks: AI, ML, & Data Science, Enterprise Security
Format: 40-Minute Briefings
Location: Roselle Junior Ballroom 4610/4710
When Flash Reveals Its Secrets: Advanced Glitching Leveraging Hidden CPU–eMMC Behavior
Speaker: Jie Fu, Contributor: Qiang Qin, Speaker: Shaohua Zhang, Contributor: Chunmei Zhang, Contributor: Yang Chen, Contributor: YuJie Lu, Contributor: WeiChao Zhou
Tracks: Hardware / Embedded, Reverse Engineering
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4810
Thursday | 2:30pm
Breaking the Illusion of Key Zeroization: How OS, Libraries, and Hardware Keep Your AES Keys Alive
Speaker: Toyofumi Sawa, Speaker: Kuniyasu Suzaki
Tracks: Cryptography, Platform Security
Format: 30-Minute Briefings
Location: Simpor Junior Ballroom 4810
Hidden Telemetry: Uncovering TraceLogging ETW Providers You're Not Using (Yet)
Speaker: Asuka Nakajima
Tracks: Defense & Resilience, Reverse Engineering
Format: 30-Minute Briefings
Location: Orchid Junior Ballroom 4311/4312
Qualcomm BootROM: A Journey Through Sahara
Speaker: Alexander Kozlov, Speaker: Sergey Anufrienko
Tracks: Hardware / Embedded, Exploit Development & Vulnerability Discovery
Format: 30-Minute Briefings
Location: Roselle Junior Ballroom 4610/4710
Tropic Trooper Reloaded: Unraveling the Invisible Supply Chain Mystery
Speaker: Suguru Ishimaru, Speaker: Satoshi Kamekawa
Tracks: Threat Hunting & Incident Response, Malware
Format: 30-Minute Briefings
Location: Simpor Junior Ballroom 4812/4813
Thursday | 2:55pm
Your Honeypots Are Too Boring to Find Zero-Days
Speaker: Simo Kohonen
Tracks: Exploit Development & Vulnerability Discovery, Enterprise Security
Format: 25-Minute Business Hall
Location: Business Hall Theatre 2
Thursday | 3:00pm
Briefings Refreshment Break
Location: Orchid Main Ballroom
Thursday | 3:20pm
More JVM Memory Shells - JVM Memory Shell Auto Searching Program
Speaker: Litong Wan, Speaker: Fanghai Yu, Contributor: Yang Jing, Contributor: Dongyan Zhang, Contributor: Huan Zeng
Tracks: Malware, Threat Hunting & Incident Response
Format: 40-Minute Briefings
Location: Orchid Junior Ballroom 4311/4312
Overkill: Hijacking a Wi-Fi 7 Chip for SYSTEM Privileges
Speaker: Nicola Stauffer, Speaker: Gürkan Gür
Tracks: Hardware / Embedded, Exploit Development & Vulnerability Discovery
Format: 40-Minute Briefings
Location: Roselle Junior Ballroom 4610/4710
Post-Quantum Cryptography: A Realistic Guide to Manage the Transition
Speaker: Jean-Philippe Aumasson
Tracks: Policy, Cryptography
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4812/4813
When Office Attacks - XLL Chains and Enterprise EDR Nightmares
Speaker: Thanmayee Rao
Tracks: Enterprise Security, Threat Hunting & Incident Response
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4810
Thursday | 4:20pm
Beyond the Golden Image: A Self-Healing Image Supply Chain
Speaker: Neelu Tripathy, Speaker: Lovlesh Malik
Tracks: Application Security: Defense, Cloud Security
Format: 40-Minute Briefings
Location: Orchid Junior Ballroom 4311/4312
Graph-Aware LLM for Windows Logon with a Closed-Loop Guarded Detection Agent
Speaker: Shusei Tomonaga
Tracks: Enterprise Security, Threat Hunting & Incident Response
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4810
RebirthDay Attack: Reviving DNS Cache Poisoning with the Birthday Paradox
Speaker: Xiang Li, Speaker: Yuqi Qiu, Contributor: Mingming Zhang, Contributor: Zuyao Xu, Contributor: Lu Sun, Contributor: Fasheng Miao
Tracks: Network Security, Exploit Development & Vulnerability Discovery
Format: 40-Minute Briefings
Location: Roselle Junior Ballroom 4610/4710
We'll Eat Your Serial for Breakfast: Exploiting Serial-to-IP Converters in Critical Infrastructure
Speaker: Stanislav Dashevskyi, Speaker: Francesco La Spina
Tracks: Cyber-Physical Systems & IoT, Exploit Development & Vulnerability Discovery
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4812/4813
Friday | 8:00am
Briefings Coffee & Tea Break
Location: Orchid Main Ballroom
Friday | 9:00am
Keynote: From Prompt Tricks to Autonomous Hackers: The Rise of Agentic Offensive Security
Speaker: Ari Herbert-Voss
Track: Keynote
Format: 60-Minute Keynote
Location: Roselle Junior Ballroom 4610/4710
Keynote Overflow Room
Track: Keynote
Format: 60-Minute Keynote
Location: Simpor Junior Ballroom 4812/4813
Friday | 10:20am
CLOAQ: Ensuring the Cloud Quantum Computer Runs Your Program… But Learns Nothing
Speaker: Vivek Balachandran, Speaker: Amal Raj
Tracks: Reverse Engineering, Application Security: Defense
Format: 40-Minute Briefings
Location: Roselle Junior Ballroom 4610/4710
IntentGuard: Securing LLM-Generated Cloud Configurations Through Intent-Aligned Semantic Validation
Speaker: Anna Bacher, Speaker: Chris Wysopal
Tracks: Application Security: Defense, AI, ML, & Data Science
Format: 40-Minute Briefings
Location: Orchid Junior Ballroom 4311/4312
The Rentable IoT Meltdown: Mass Scale Hijacking of Shared Mobility and EV-Charging Fleets
Speaker: Hetian Shi
Tracks: Cyber-Physical Systems & IoT, Hardware / Embedded
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4812/4813
WhisperPair: A Security Analysis of Google Fast Pair
Speaker: Seppe Wyns, Speaker: Sayon Duttagupta, Speaker: Nikola Antonijević, Contributor: Dave Singelée, Contributor: Bart Preneel
Tracks: Mobile, Cyber-Physical Systems & IoT
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4810
Friday | 11:00am
Briefings Refreshment Break
Location: Orchid Main Ballroom
Friday | 11:20am
Discovering React2Shell: JavaScript's Long-Awaited Deserialization Flight-mare
Speaker: Lachlan Davidson
Tracks: Exploit Development & Vulnerability Discovery, Application Security: Offense
Format: 40-Minute Briefings
Location: Roselle Junior Ballroom 4610/4710
Fortifying the Foundation: LLM-Empowered Differential Testing for the Ethereum Infrastructure
Speaker: Jie Ma, Speaker: Ningyu He, Contributor: Chiachih Wu, Contributor: Haoyu Wang, Contributor: Ying Gao, Contributor: Yinliang Yue
Tracks: Application Security: Defense, Platform Security
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4810
Inside Cybercrime Inc: Lessons From Covering the Global Fraud Boom
Speaker: Sue-Lin Wong
Tracks: Enterprise Security, Human Factors
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4812/4813
No Time to Patch: Faster Detection and Counteraction of N-Day Exploits in Chromium-based Apps
Speaker: Wenxiang Qian, Speaker: Zhixin Tu
Tracks: Defense, Threat Hunting & Incident Response
Format: 40-Minute Briefings
Location: Orchid Junior Ballroom 4311/4312
Friday | 12:00pm
Briefings Lunch
Location: Orchid Main Ballroom
Friday | 1:30pm
Cyber-Paleontology in the Age of AI
Speaker: Vitaly Kamluk
Tracks: Malware, AI, ML, & Data Science
Format: 40-Minute Briefings
Location: Roselle Junior Ballroom 4610/4710
Remote Server, Local Root. Welcome to MCP.
Speaker: Jiacheng Zhong, Contributor: Shuyang Wang, Contributor: Zhengyu Liu, Contributor: Aonan Guan
Tracks: AI, ML, & Data Science, Application Security: Offense
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4812/4813
Silicon Valley's Quiet Leak: Revealing User Activity on macOS for Apple Silicon
Speaker: Xin Zhang, Speaker: Zhi Zhang, Contributor: Chang Liu, Contributor: Qingni Shen, Contributor: Trevor E. Carlson
Tracks: Platform Security, Exploit Development & Vulnerability Discovery
Format: 40-Minute Briefings
Location: Orchid Junior Ballroom 4311/4312
The Dark Side of Autonomy: Exploiting DFIR Agents Through Adversarial Manipulation
Speaker: Yusuke Nakajima
Tracks: Threat Hunting & Incident Response, AI, ML, & Data Science
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4810
Friday | 2:30pm
Capture the Narrative - Social Media Manipulation Wargaming for Cyberliteracy and Research
Speaker: Hammond Pearce
Tracks: Human Factors, AI, ML, & Data Science
Format: 30-Minute Briefings
Location: Simpor Junior Ballroom 4810
Hack the Source, Of the Source
Speaker: Tsi-Lin Ng
Track: Application Security: Offense
Format: 30-Minute Briefings
Location: Orchid Junior Ballroom 4311/4312
Lost in Normalization: From URL Quirks to Poisoning the Azure Supply Chain
Speaker: Nir Ohfeld, Speaker: Ronen Shustin
Tracks: Cloud Security, Application Security: Offense
Format: 30-Minute Briefings
Location: Roselle Junior Ballroom 4610/4710
One Char to Rule Them All: Systematically Exploring and Exploiting DNS Silent Vulnerabilities in Domain Name Resolution
Speaker: Fasheng Miao, Speaker: Xiang Li, Contributor: Changqing An, Contributor: Jilong Wang
Tracks: Exploit Development & Vulnerability Discovery, Network Security
Format: 30-Minute Briefings
Location: Simpor Junior Ballroom 4812/4813
Friday | 2:55pm
Mobile Track Spotlight
Moderator: Anant Shrivastava, Panelist: Pamela O'Shea, Panelist: Shanna Daly
Track: Mobile
Format: 25-Minute Business Hall
Location: Business Hall Theatre 1
Friday | 3:00pm
Briefings Refreshment Break
Location: Orchid Main Ballroom
Friday | 3:20pm
Payload Compromised: Full Key Recovery in Rocket.Chat E2EE
Speaker: Hayato Kimura, Contributor: Ryoma Ito, Contributor: Kazuhiko Minematsu, Contributor: Takanori Isobe
Tracks: Cryptography, Application Security: Offense
Format: 40-Minute Briefings
Location: Orchid Junior Ballroom 4311/4312
PhantomRPC: A New Privilege Escalation Flaw in Windows RPC
Speaker: Haidar Kabibo
Track: Exploit Development & Vulnerability Discovery
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4812/4813
The Black Hat Asia Network Operations Center (NOC) Report
Speaker: Bart Stump, Speaker: Neil R. (a.k.a. Grifter) Wyler
Tracks: Network Security, Application Security: Defense
Format: 40-Minute Briefings
Location: Roselle Junior Ballroom 4610/4710
The Gift That Keeps on Giving: Bypassing Authentication Reflection Mitigations for SYSTEM Shells
Speaker: Guillaume André
Tracks: Platform Security, Reverse Engineering
Format: 40-Minute Briefings
Location: Simpor Junior Ballroom 4810
Friday | 11:00pm
AI in the Loop: Large-Scale macOS PID-Domain Vulnerability Discovery with LLM Reasoning (ON-DEMAND ONLY)
Contributor: l_m_h l_m_h, Speaker: Yinyi Wu, Speaker: Yingqi Shi, Contributor: Yuchong Xie, Contributor: Cheng Li, Contributor: Yizhuo Wang
Tracks: Exploit Development & Vulnerability Discovery, AI, ML, & Data Science
Format: 40-Minute Briefings
Location: On-Demand
Cache Me, Catch You: Exploiting LLM Caching Layers in vLLM, GPTCache & Friends (ON-DEMAND ONLY)
Speaker: Xiangfan Wu, Contributor: Lingyun Ying, Contributor: Guoqiang Chen, Contributor: Yacong Gu, Contributor: Haipeng Qu
Tracks: AI, ML, & Data Science, Exploit Development & Vulnerability Discovery
Format: 30-Minute Briefings
Location: On-Demand
IDEsaster 2.0: Another Novel Vulnerability Class in AI IDEs (ON-DEMAND ONLY)
Speaker: Ari (MaccariTA) Marzouk
Tracks: AI, ML, & Data Science, Exploit Development & Vulnerability Discovery
Format: 40-Minute Briefings
Location: On-Demand
Model Files → Memory Corruption → RCE: Weaponizing the Triple-Stage AI Attack Chain (ON-DEMAND ONLY)
Speaker: Ji'an Zhou, Speaker: Lei Lu, Contributor: Li'shuo Song
Tracks: Exploit Development & Vulnerability Discovery, AI, ML, & Data Science
Format: 40-Minute Briefings
Location: On-Demand
The Curious Case About Apple and Its Intelligence (ON-DEMAND ONLY)
Speaker: Bhargav Rathod, Contributor: Debasis Parida
Tracks: Threat Hunting & Incident Response, AI, ML, & Data Science
Format: 40-Minute Briefings
Location: On-Demand