SafeBreach, a leader in enterprise exposure validation, announced on July 30, 2025, that its SafeBreach Labs research team will present three pieces of original research across four sessions at Black Hat USA 2025 (August 2–7) and DEF CON 33 (August 7–10) in Las Vegas. The sessions focus on AI security vulnerabilities and novel Windows attack surfaces, reinforcing SafeBreach’s reputation for cutting-edge cybersecurity research, with over 50 zero-day discoveries and two Pwnie Award nominations for Most Innovative Research and Best Privilege Escalation.
Events: Black Hat USA 2025 (August 2–7) and DEF CON 33 (August 7–10), Las Vegas.
Sessions: Four talks covering AI-powered workplace system vulnerabilities and Windows RPC exploits.
Key Findings: Targeted Promptware Attacks on Gemini for Workspace, RPC-Racer toolset for RPC client manipulation, and Win-DDoS botnet exploiting Windows RPC.
Impact: Over 70% of Promptware risks are high/critical; new DoS vulnerabilities can crash domain controllers or any Windows PC.
SafeBreach Platform: Integrates findings into its Hacker’s Playbook with 30,000+ attacks, offering 24-hour SLA for new threat testing.
Booth: Visit SafeBreach at Black Hat booth #5416 for demos and expert discussions.
When/Where: Black Hat (August 6, 4:20 PM PT), DEF CON (August 10, 10:00 AM PT)
Presenters: Or Yair, Ben Nassi, Stav Cohen
Details: Demonstrates a new “Targeted Promptware Attack” exploiting Gemini for Workspace via Google Calendar invites. Attackers can trigger 15 exploitations, including toxic content generation, phishing, spamming, calendar event deletion, home appliance control, video streaming, and victim geolocation. Over 70% of risks are high/critical, requiring urgent mitigations. The session highlights vulnerabilities in Gemini’s web, mobile, and Google Assistant interfaces, emphasizing the need for robust AI security.
When/Where: DEF CON (August 8, 2:00 PM PT)
Presenter: Ron Ben Yizhak
Details: Introduces the RPC-Racer toolset, which exploits Windows RPC vulnerabilities allowing unprivileged users to impersonate trusted RPC servers. By racing services at boot time or tricking high-integrity processes, attackers can manipulate RPC clients, posing significant risks. The session showcases real-world exploitation scenarios and SafeBreach’s proactive validation approach.
When/Where: DEF CON (August 10, 12:30 PM PT)
Presenters: Or Yair, Shahak Morag
Details: Builds on LDAPNightmare research, unveiling a novel “Win-DDoS” technique that exploits Windows RPC to create a botnet using tens of thousands of public domain controllers. The team discovered four new DoS vulnerabilities, capable of crashing individual domain controllers or any Windows PC in a domain. The session discusses implications for enterprise resilience and OS-level hardening strategies.
SafeBreach Labs has presented at every Black Hat USA and DEF CON USA for seven years, delivering over 50 talks globally. The team’s 50+ zero-day discoveries and contributions to the MITRE ATT&CK® framework underscore its leadership. “The team’s work reveals critical vulnerabilities across both AI-powered workplace systems and traditional Windows infrastructure,” said Tomer Bar, VP of Security Research at SafeBreach. The findings enhance SafeBreach’s Exposure Validation Platform, which integrates with SIEM, SOAR, and vulnerability management tools, offering 30,000+ attacks and a 24-hour SLA for new threat coverage.
The sessions align with growing concerns about AI-driven threats and Windows vulnerabilities. Gartner predicts 40% of enterprises will face AI-related attacks by 2026, while Microsoft’s 2025 Digital Defense Report notes a 78% increase in identity-based attacks exploiting RPC weaknesses. SafeBreach’s research, responsibly disclosed to Microsoft and Google, provides actionable insights for enterprises, with patches already issued for some vulnerabilities. The platform’s adoption by major financial, healthcare, and manufacturing firms highlights its impact.
Founded in 1997, Black Hat is an internationally recognized cybersecurity event series providing the most technical and relevant information security research. Grown from a single annual conference to the most respected information security event series internationally, these multi-day events provide the security community with the latest cutting-edge research, developments, and trends. Today Black Hat Briefings and Trainings are held annually in the United States, Europe, and Asia, providing premier venues for elite security researchers and trainers to find their audience.
SafeBreach is the leader in enterprise-grade exposure validation, providing the world’s largest brands with safe and scalable capabilities to understand, measure and remediate threat exposure and associated cyber risk. The award-winning SafeBreach exposure validation platform combines pioneering breach and attack simulation and innovative attack path validation capabilities to help enterprise security teams measure and address security gaps at the perimeter and beyond. Backed by a world-renowned original threat research team and world-class support, SafeBreach helps enterprises transform their security strategy from reactive to proactive safely and at scale.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.