LAS VEGAS—BLACK HAT 2025—July 30, 2025 – SafeBreach, the leader in enterprise exposure validation, today announced that members of its SafeBreach Labs research team will present three pieces of groundbreaking original research across four sessions at the Black Hat USA 2025 and DEF CON 33 conferences in Las Vegas next week.
This year’s sessions further cement the reputation of the SafeBreach Labs team as recognized experts and thought leaders in cybersecurity research. Over the past seven years, team members have consistently earned speaking slots at both Black Hat USA and DEF CON simultaneously, while presenting more than 50 additional talks at conferences around the world. In addition, the SafeBreach Labs team has discovered 50+ zero-day vulnerabilities and been nominated twice for the Pwnie Awards for Most Innovative Research and Best Privilege Escalation.
The team’s research this year will demonstrate significant vulnerabilities in AI-powered workplace systems and Windows operating system components that impact enterprise security:
Invitation Is All You Need! Invoking Gemini for Workspace Agents with a Simple Google Calendar Invite
- At Black Hat on Wednesday, August 6 at 4:20 pm PT
- At DEF CON on Sunday, August 10 at 10:00 am PT
- SafeBreach Security Research Team Lead Or Yair, cybersecurity expert Ben Nassi, and PhD Student Stav Cohen will present their discovery of a new variant of Promptware called Targeted Promptware Attacks that allows Gemini for Workspace agents to be hacked through simple Google Calendar invitations, revealing 15 different exploitations across Gemini’s web interface, mobile application, and Google Assistant. The session will explain how attackers can generate toxic content, perform spamming and phishing, delete calendar events, control home appliances, video stream and geolocate victims, and more. Their findings indicate that more than 70% of identified Promptware risks are high/critical and require immediate mitigations.
You Snooze, You Lose: RPC-Racer Winning RPC Endpoints against Services
- At DEF CON on Friday, August 8 at 2 pm PT
- SafeBreach Security Researcher Ron Ben Yizhak will present how he discovered the ability for unprivileged users to impersonate trusted RPC servers—and how SafeBreach’s new RPC-Racer toolset identifies and exploits these vulnerabilities. From racing services at boot time to tricking high-integrity processes into trusting malicious fake servers, this session dives deep into manipulation of RPC clients and demonstrates the real-world risks.
Win-DoS Epidemic: A crash course in abusing RPC for Win-DoS & Win-DDoS
- At DEF CON on Sunday, August 10 at 12:30 pm PT
- Building on original LDAPNightmare research released earlier this year, SafeBreach Security Research Team Lead Or Yair and Research Lead Shahak Morag will discuss how they exploited security gaps in Microsoft Windows RPC to develop a novel DDoS technique—dubbed Win-DDoS—that can harness the power of tens of thousands of public domain controllers around the world to create a malicious botnet with vast resources. The presentation will also demonstrate how they discovered four new DoS vulnerabilities along the way, with abilities ranging from crashing an individual domain controller to crashing any Windows computer within a domain. The presentation raises implications for enterprise resilience, risk modeling, and defense strategies, while providing new insights for OS-level hardening.
“The SafeBreach Labs team has established a remarkable history of presenting original research at both Black Hat USA and DEF CON, and this year is no different,” said Tomer Bar, VP of Security Research at SafeBreach. “The team’s work reveals critical vulnerabilities across both AI-powered workplace systems and traditional Windows infrastructure, showcasing the critical need for organizations to continuously validate their security posture against emerging attack vectors. We’re proud of the impact this research has not only in strengthening the SafeBreach exposure validation platform, but also in helping the broader security community understand and defend against these sophisticated threats.”
The SafeBreach exposure validation platform is utilized by some of the largest financial services, healthcare, manufacturing, and transportation organizations in the world to validate security control performance, identify gaps, and take remedial action to strengthen security posture and reduce overall business risk. SafeBreach maintains a 24-hour service-level agreement (SLA) to add new attacks to its Hacker’s Playbook based on critical US-CERT and FBI Flash alerts, so customers can immediately test against the latest threats. With the industry’s most advanced threat research team, SafeBreach is able to ensure its playbook boasts an unmatched collection of 30,000+ attacks.
For more information about the sessions or to schedule a time to connect with SafeBreach experts at Black Hat USA 2025 on August 5-9 and DEF CON on August 7-10, stop by our booth #5416 or visit safebreach.com/black-hat-usa-2025/.