Cybersecurity

Black Hat 2025 and DEFCON 33 debriefing

Summer HackerCamp is over for 2025 and the experience was unique. A few keynotes, vendor meetings, hacking villages and more than 30 hours of travel time later, I can confidently announce that it was all worth it. Being based in Europe, I have not experienced anything similar that brings so many cybersecurity enthusiasts from around the world to one place, to learn, connect and advance the field.

The organization, given the size of both conferences, was near perfect, and any inconveniences due to long queues or similar were mainly due to conference center and room limitations. The presentations at both conferences, at least the ones I attended, were brilliant. I attended presentations of researchers hacking Apple CarPlay, Cursor, Microsoft Copilot and all sorts of AI agents and assistants, while I experienced truly inspiring keynote talks by Mikko Hyppönen and Nicole Perlroth. I was especially inspired by Perlroth's keynote, which bridged geopolitics, national security and actual real life with the work being done in cybersecurity over the last decades, using unguided, direct and engaging storytelling.

DEFCON simply exceeded my expectations for a few key reasons:

- the people, the culture, the attitude
- the number of insanely well driven villages
- the actual potential to see and learn new techniques and engage with fellow hackers

I am still in the process of trying to put my notes and thoughts in order, because the overall experience and information received is overwhelming. However, if I could highlight a few key points from this year's conferences, they would be the following:

- AI cannot solve everything, and it will probably not cost much less when done properly. It needs AppSec, proper architecture, specific context and a lot of penetration testing.
- Prompt injection is a real threat and something you have to account for if you are building generative AI systems. But it's not the only threat to consider. Trying to contain a prompt for security is hard, so keep in mind that, as with all things in security, every input is a potential attack vector.
- Expose yourself, share your ideas and engage with people. Ask for opinions and look at what others do.

Looking forward to the next Hacker SummerCamp, whenever that may be.

Preparing for Black Hat and DEFCON 2025

It's almost time to board the plane and head to Las Vegas to attend the two most famous cybersecurity conferences in the world. I thought I'd drop a few lines to capture my thoughts before the conferences begin.

Black Hat

Agentic AI and AI/LLM security are everywhere. Considering all the pre-conference product presentations, I think that only a handful are missing AI capabilities. What drew my attention, though, is companies that are offering identity management, access control and AI governance, which shows how this field seems to be evolving in an uncontrolled way for each company. Additionally, there are companies offering complete agentic and automated SOC analysts and AppSec architects, and it just seems that this year as well, everything will be dominated by AI. Not entirely unexpected or unjustified...

There are also presentations on LLM exploitation, AI 0-day exploits and AI secure architecture that look really promising. I am looking forward to James Kettle's talk "HTTP/1.1 Must Die! The Desync Endgame" and also to the keynote by Nicole Perlroth, who is the author of one of my favorite books, "This is how they tell me the world ends". The Black Hat app is really neat and helps organize the experience, although it feels a bit outdated.

DEFCON

This is really a "dream come true" for me and I think that for a good few hours I will be wandering around like a child in a candy shop. When reality hits me, I will for sure attend both the social engineering village and the AppSec village, which have amazing things planned. I believe the social engineering village will be integrating AI assistants to help with hacking and I'm sure that the results will be great. What I am hoping for is to meet people interested in agentic AI development and hacking.

Zenmap & Nmap Parser

This is going to be a quick blog post.

Introducing my new open source tool that parses nmap and zenmap output files from XML and creates CSV reports for further analysis.

Application L7 Denial-of-Service attacks

In February 2023, Sweden suffered a series of Distributed Denial-of-Service (DDoS) attacks and several Swedish websites were knocked down. A DoS is a type of attack that the attacker uses to make the victim's services unavailable, usually by sending a large number of malicious requests. The number of incoming requests becomes so high that legitimate requests end up not being handled by the victim's services, hence the denial of service. A DoS is also usually distributed, in the sense that multiple bots (or zombies) and attacker-controlled machines take part in the attack to increase the probability of success. For reference, Cloudflare stated that it stopped a DDoS peaking at 71 million requests per second in February 2023!