TALKS & SPEAKERS

Two days of conferences | 15 talks | 20 speakers


An RbTree Family Drama: Exploiting a Linux Kernel 0-day Through Red-Black Tree Transformations

William Liu, Savino Dicanosa

CUDA de Grâce: Owning AI Cloud Infrastructure with GPU exploits

Valentina Palmiotti, Samuel Lovejoy

NTLM reflection is dead, long live NTLM reflection: Story of an accidental Windows RCE

Wil

Arise from the Wireless: Breaking the Security Barrier in Wi-Fi

Xiaobye

Breaking the Vault: USB Bugs and Bug Bounty Failures

Sergei Volokitin

Crash One - A StarBucks Story (CVE-2025-24277)

Csaba Fitzl, Gergely Kalman

Déjà Vu in Linux io_uring: Breaking Memory Sharing Again After Generations of Fixes

Pumpkin

Exploiting the Undefined: PWNing Firefox by Settling its Promises

Tao Yan, Edouard Bochin

From 2-Bit Reset to 0-Click RCE in Redis: A Pwn2Own Edition

Benny Isaacs

Inside Apple Secure Enclave Processor in 2025

Quentin Salingue

Korean Rookie Hackers' Journey: Road to Pwn2Own with a VirtualBox Exploit

HanseoKim

Opening keynote

Ivan Krstić

Paint it Blue: Attacking the Bluetooth stack

Mehdi Talbi, Etienne Helluy-Lafont

ReVault! Compromised by your Secure SoC

Philippe Laulheret

Where the shells land: a forensic perspective on in-the-wild exploitation

Donncha Ó Cearbhaill

An RbTree Family Drama: Exploiting a Linux Kernel 0-day Through Red-Black Tree Transformations

Abstract

CVE-2025-38001 is the story of how we exploited a Linux network scheduler 0-day for an 82k USD bounty by creating a novel red-black tree attack technique. We find that manipulating red-black node metadata can achieve a pointer copy primitive through a tree rebalance, ultimately unlocking more powerful attack capabilities. Our journey begins with an infinite loop bug, which we then convert into a use-after-free. From there, we develop a reliable, data-only exploit that compromises major Linux distributions and all baseline instances of Google’s kernelCTF. We subsequently adapt our approach to also defeat the instance hardened with state-of-the-art mitigations. Finally, we break the bounty program’s proof-of-work system and achieve the quickest submission ever.

Speakers

William Liu

Bio

William Liu is a security researcher who specializes in low-level systems and computer architecture. He is a member of the Crusaders of Rust security research group as well as the DiceGang CTF team, and currently works at NVIDIA as a systems software engineer. Much of his research is documented on his personal site at willsroot.io.

William is a Class of 2025 graduate of the Massachusetts Institute of Technology, where he worked on kernel fuzzing and the EntryBleed KASLR bypass under Professor Mengjia Yan. He presented the latter discovery at HASP ‘23, where he won best paper, and NEHWS ‘24.

Savino Dicanosa

Bio

Savino Dicanosa is a security researcher specializing in low-level systems exploitation, with a focus on the Linux kernel. He is a member of the Crusaders of Rust security research group and the author of syst3mfailure.io, where he documents some of his work.

CUDA de Grâce: Owning AI Cloud Infrastructure with GPU exploits

Abstract

The explosive rise of artificial intelligence has driven unprecedented global demand for GPUs. To satisfy it, cloud providers have created Infrastructure-as-a-Service (IaaS) products specific to AI and machine learning workflows. These platforms rely on CUDA, NVIDIA’s proprietary toolkit for GPU hardware acceleration. With NVIDIA holding more than 90% of the datacenter GPU market, nearly every AI/ML workload runs on NVIDIA hardware, placing critical trust in its driver stack. This architecture concentrates risk, making these drivers a high-value attack surface in the serverless cloud AI/ML ecosystem.

In this talk, IBM’s X-Force Offensive Research (XOR) unveils 0-day vulnerabilities in the NVIDIA CUDA driver stack and discusses their implications for the greater cloud security model. They detail their vulnerability discovery process, which includes a fuzzing campaign, and outline the exploitation techniques that bypass modern kernel mitigations (such as CONFIG_SLAB_VIRTUAL, which protects against cross-cache attacks) to escape hardened containers and gain root on the host. With a single vulnerability granting kernel mode execution, attackers can escalate to root on the host and breach multi-tenant isolation, exposing the models, datasets, and credentials of every tenant sharing the GPU.

Speakers

Valentina Palmiotti

IBM
@chompie1337

Bio

Valentina is a security researcher, exploit developer, and low level systems hacker. She has found and exploited vulnerabilities in targets such as operating system kernels, authentication protocols, and mobile platforms. She currently leads IBM's X-Force Offensive Research (XOR), a team dedicated to advanced vulnerability research focusing on high-assurance and hardened environments.

Samuel Lovejoy

IBM
@_dinolover38

Bio

Sam Lovejoy is a security researcher at IBM X-Force Offensive Research (XOR), where he specializes in reverse engineering and vulnerability research. His main research interests are in fuzzing, microarchitectural attacks, and low-level security. Prior to working at IBM, Sam studied malware reverse engineering during his BS and MS at Georgia Tech.

NTLM reflection is dead, long live NTLM reflection: Story of an accidental Windows RCE

Abstract

For nearly two decades, Windows has been plagued with NTLM reflection vulnerabilities. This special case of NTLM authentication relay has historically led to local privilege escalation or even remote command execution, although with some limitations. Over time, mitigations against this class of vulnerability were implemented, leading to a false assumption that NTLM reflection attacks were relics of the past. This presentation will shatter that assumption by covering the research that led to the discovery of CVE-2025-33073, a logical vulnerability leading to authenticated RCE as SYSTEM on almost any Windows machine and without any user interaction.

In this talk, fundamental concepts about authentication relay attacks will be explained, as well as the context surrounding the research and the accidental discovery of the vulnerability. Afterwards, a methodical investigation of the root cause of the vulnerability will be presented, first by analysing network captures and then by performing a thorough reverse-engineering of LSASS internals and its NTLM authentication provider.

Subsequently, we will shift our attention to Kerberos, where we will demonstrate that CVE-2025-33073 is not restricted to NTLM and that it also affects Kerberos. After a brief reminder of the protocol, in-depth insights in its integration within LSASS will be discussed as well as an undocumented behavior, to understand why this vulnerability also applies to Kerberos.

Finally, the patch analysis will be presented. We will detail how it fixes the specific attack vector described in this presentation and how it may not be enough to completely eradicate this class of vulnerability. We will conclude by explaining how the exploitation of this vulnerability could have been prevented even before it was found, and the current state of Windows machine hardening.

Speakers

Wil

Synacktiv

Bio

Wilfried Bécard is a hacker and researcher working at Synacktiv. With a particular interest in Active Directory and Azure exploitation, his passion lies in uncovering new techniques to enhance cybersecurity in these areas. Constantly experimenting, testing, and collaborating with the security community, he aims to keep improving his knowledge in these fields.

Arise from the Wireless: Breaking the Security Barrier in Wi-Fi

Abstract

Wi-Fi has become the backbone of modern IoT communication and is now found in a wide range of devices such as smartphones, in-vehicle infotainment systems, smart cameras, smart TVs, and home routers. If attackers uncover vulnerabilities in Wi-Fi implementations, they can launch indiscriminate attacks against any Wi-Fi device, disrupting or even taking control of your daily life.

Until now, attacks on Wi-Fi devices often required the Wi-Fi passphrase to join the private network before launching any attack. However, our in-depth analysis of MediaTek’s Wi-Fi implementation uncovered multiple “shortcuts” allowing hackers to gain control without authentication. Notably, a frame injection vulnerability was discovered that allows unauthenticated attackers to skip pairwise master key validation and gain private network access. What’s more, we dug deeper and uncovered vulnerabilities in MediaTek’s Wi-Fi frame processing that allow nearby attackers to achieve remote code execution without requiring a Wi-Fi passphrase.

In this talk, we will present Wi-Fi architecture alongside practical techniques for reverse-engineering and exploiting it. Attendees will learn how to analyze custom instructions, use debugging tools, and leverage public resources to reconstruct MediaTek’s Wi-Fi chipset architecture. We will cover authentication bypass, frame-parsing flaws, and Wi-Fi 7 vulnerabilities, demonstrating how each can be used to compromise Wi-Fi devices. By the end of the session, attendees will have mastered a repeatable methodology for uncovering and exploiting Wi-Fi vulnerabilities.

Speakers

Xiaobye

DEVCORE
@xiaobye_tw

Bio

Wei-Che Kao, also known as Xiaobye (@xiaobye_tw), is a security researcher at DEVCORE, focusing primarily on wireless security. His previous research on Bluetooth Low Energy was accepted to USENIX Security.

Breaking the Vault: USB Bugs and Bug Bounty Failures

Abstract

Hardware wallets are designed to provide a secure environment for managing cryptocurrency assets, isolating critical secrets from potentially compromised user systems. Due to the nature of the assets being protected, vendors come up with various security features to protect the private keys from physical, remote and supply chain attacks. However, what if a simple USB communication flaw could render these protections meaningless?
This talk presents a critical vulnerability in the Cypherock X1 hardware wallet, where an out-of-bounds write in the USB packet processing logic leads to a full compromise of the device.
We will walk through the discovery process, root cause analysis, and exploitation techniques, demonstrating how a malicious USB payload can extract a user’s private keys in real-time while they interact with the wallet. A live Proof-of-Concept (PoC) will showcase how malware on a user’s PC can invisibly steal funds, highlighting the urgent need for hardware wallet vendors to implement rigorous input validation and memory safety checks.

Speakers

Sergei Volokitin

Hexplot

Bio

Sergei Volokitin is an independent security researcher at Hexplot with a focus on embedded security and mobile devices. He has a number of publications on smart card attacks and conference presentations on mobile device and hardware security.

Crash One - A StarBucks Story (CVE-2025-24277)

Abstract

On a cold, sunny autumn day, we sat down with Gergely in a Starbucks to brainstorm a few ideas for vulnerability research. We quickly found out that we both identified a vulnerability which we both thought was not possible to exploit. While we talked through it, we realized that it might be possible, and that is when our journey started in developing an exploit. We will walk through the entire exploit development process, and how we managed to overcome each obstacle one by one. In our talk we will cover sandbox extensions, XPC calls, reverse XPC calls, ACL inheritance and file system race conditions. This was all needed to gain LPE and escape the sandbox using a vulnerability in osanalyticshelper, which is now identified as CVE-2025-24277.

Speakers

Csaba Fitzl

Kandji

Bio

Csaba Fitzl graduated in 2006 as a computer engineer. He worked for 6 years as a network engineer, troubleshooting and designing big networks. After that, he worked for 8 years as a blue and red teamer focusing on network forensics, malware analysis, adversary simulation, and defense bypasses. Then he moved on to the macOS world and developed a "macOS Exploitation and Penetration Testing" training at OffSec. Currently he works as a Principal macOS Security Researcher at Kandji. He has given talks and workshops at various international IT security conferences, including Hacktivity, BlackHat, Troopers, SecurityFest, DEFCON, and Objective By The Sea. Csaba spends his free time with his family, hiking and running in the mountains.

Gergely Kalman

Bio

Gergely is an independent security researcher, spending most of his time on Apple's Bug Bounty program. As an ex-sysadmin and programmer he is adept at Linux, Python and C and he specializes in logic vulnerabilities, often involving filesystems or file APIs. He publishes his findings at https://gergelykalman.com

Déjà Vu in Linux io_uring: Breaking Memory Sharing Again After Generations of Fixes

Abstract

Introduced in 2019 to enhance asynchronous I/O performance, Linux’s io_uring subsystem initially faced multiple vulnerabilities stemming from its inherent complexity. While io_uring was briefly enabled in kCTF, it was later quarantined over security concerns pending further hardening efforts. Over time, continuous patches and refinements have significantly improved its security. Google even experimentally re-enabled it in a limited-time kernelCTF promotion to evaluate its robustness. While only two 0-days were identified during the event, lingering design flaws suggest that io_uring’s security story is far from over.

One vulnerability reflecting this ongoing fragility is CVE-2025-21836, a race condition triggered during memory mapping. While it may appear to be a straightforward race at first glance, it in fact results from generations of security patches in shared memory management. Fixes for lifetime mismanagement and locking inconsistencies led to RCU misuse, which was later patched with reference count protections — inadvertently introducing another racy object update. Furthermore, these vulnerabilities share recurring kernel bug patterns that are often mishandled, highlighting systemic design flaws that repeatedly cause regressions, even in mature subsystems like io_uring.

In this presentation, I will first introduce Linux io_uring, describing its memory-sharing mechanism and I/O buffer design. Following that, I will explain how historical patches cumulatively led to CVE-2025-21836, which I discovered during kernelCTF. I will also share the exploitation details, including techniques to make the restricted race condition more reliably exploitable. Finally, I will conclude with a discussion of the difficulties in maintaining shared memory: challenges that are not easily resolved through shallow patching in the modern kernel.

Speakers

Pumpkin

DEVCORE
@u1f383

Bio

Chih-Yen Chang, aka Pumpkin (@u1f383), is a security researcher at DEVCORE. His work primarily focuses on Linux kernel, Android and hypervisor security. He has participated in Pwn2Own competitions multiple times, successfully compromising targets such as Synology NAS, Ubuntu and RHEL. He was also a speaker at POC 2024 and HITCON CMT 2025.

Exploiting the Undefined: PWNing Firefox by Settling its Promises

Abstract

Some vulnerabilities remain deeply hidden within systems for years. Sometimes, even when discovered, they are considered unexploitable due to their restrictive primitives. This presentation discusses a unique exploit targeting Firefox that was demonstrated at Pwn2Own Berlin 2025, showcasing how deeply hidden and seemingly unexploitable vulnerabilities can be transformed into reliable exploits through innovative exploitation techniques.

We’ll explore how connecting similar implementation issues for the JavaScript (JS) Promise specification across different browsers revealed a six-year-old Firefox vulnerability. This approach can be extended to other JS specifications to uncover further hidden vulnerabilities. We’ll also present a novel technique for exploiting undefined fields in SpiderMonkey JS engine objects to creatively convert a highly restricted out-of-bounds write (OOBW) primitive into a use-after-free (UAF), ultimately achieving type confusion for more powerful exploitation primitives. Furthermore, we’ll detail state-of-the-art heap grooming and garbage collection manipulation techniques specifically tailored for SpiderMonkey heaps. In addition to all that, we’ll introduce a novel, universal method for faking arbitrary objects in SpiderMonkey without requiring object shape addresses to be leaked, a technique with broad applicability across SpiderMonkey-based exploits.

Speakers

Tao Yan

Palo Alto Networks
@Ga1ois

Bio

Tao Yan (@Ga1ois) is a security researcher at Palo Alto Networks. He likes discovering new attack surfaces, exploring new research ideas and deep diving into system internals from both offensive and defensive perspectives. His interests include bug finding with dynamic fuzzing and static code analysis, exploits, mitigation bypasses, sandbox escape and privilege escalation on various applications and OS components. He has also been involved with exploits, APTs, malware detection and defense. He was listed as the #7 and #4 researcher in 2016 and 2017 among the MSRC Most Valuable Researchers. He is also the winner of the Windows local escalation of privilege category in Pwn2Own 2021, the Chrome/MSEdge browser category in Pwn2Own 2024 and the Firefox browser category in Pwn2Own 2025. He received the Pwnie Award for Most Innovative Research in 2024. In addition, he is a regular security patent inventor and security conference speaker, including at Black Hat (USA, EU, Asia, MEA), CanSecWest, BlueHat, VirusBulletin, ReCon, POC, HITCON, etc.

Edouard Bochin

Palo Alto Networks
@le_douds

Bio

Edouard Bochin (@le_douds) is a security researcher at Palo Alto Networks who specializes in vulnerability research on both offensive and defensive fronts. He is the recipient of the 2024 Pwnie Award for Most Innovative Research and is a two-time Pwn2Own winner, PWNing Chrome and MSEdge browsers at Pwn2Own Vancouver 2024 and Firefox browser at Pwn2Own Berlin 2025. He is also a patent inventor and has notably spoken at Black Hat USA 2024 and Virus Bulletin 2023.

From 2-Bit Reset to 0-Click RCE in Redis: A Pwn2Own Edition

Abstract

At Pwn2Own Berlin 2025, we demonstrated a critical UAF vulnerability in Redis’s Lua interpreter that has existed for 15 years. The exploit leverages a UAF that resets 2 bits, enabling arbitrary code execution with a 100% success rate.

In this presentation, we will detail how the UAF vulnerability was leveraged to gain arbitrary read capabilities, perform object faking, and ultimately achieve arbitrary code execution. Notably, the exploit successfully bypassed modern security mitigations such as ASLR, PointerGuard, and CET.

This session will outline the precise steps and techniques used to craft a reliable exploit.

Speakers

Benny Isaacs

Wiz
@benny_isaacs

Bio

Security Researcher @Wiz

Inside Apple Secure Enclave Processor in 2025

Abstract

The Secure Enclave Processor is the cryptographic coprocessor of the iPhone which handles sensitive information such as user data encryption keys or biometrics. SEP is designed to be independent from the main processor, with its own separate bootrom as well as dedicated peripherals (such as an AES engine). Public information about SEP is scarce and outdated, mainly because it is one of the few firmware images Apple still encrypts today.

This presentation intends to fill the gap in knowledge and dive into the security features added by Apple over the years.

This includes:

  • Pointer Authentication Code (PAC) to prevent control-flow hijacking
  • SEP patches to fix potential vulnerabilities in the SEPROM
  • Trusted Boot Monitor to ensure only the SEPROM code can execute at start

Speakers

Quentin Salingue

Synacktiv

Bio

Quentin Salingue is a security researcher at Synacktiv. He is interested in all things iOS from the bootloader to the kernel. When he is not reversing Apple stuff, he tries to understand how not to make IDA crash.

Korean Rookie Hackers' Journey: Road to Pwn2Own with a VirtualBox Exploit

Abstract

This talk explores how rookie hackers are trained and grow within Korea’s security ecosystem, and how our team collaborated to tackle a complex vulnerability in the VirtualBox virtualization platform.
We provide a brief overview of VirtualBox’s architecture and attack surface, then detail the vulnerability’s unique characteristics, the custom exploit primitive we developed, and the technical challenges we overcame.
The talk concludes with how our exploit led to a successful win at Pwn2Own 2025.

Speakers

HanseoKim

Bio

Han-seo Kim is an undergraduate student majoring in Software at Ajou University and an intern at HSPACE. His primary research interests are vulnerability analysis in OS internals and virtualization, as well as red teaming.
In 2025, as a member of Team PrisonBreak, he won the VirtualBox category at Pwn2Own Berlin and obtained multiple additional CVEs.

Opening keynote

Abstract

Speakers

Ivan Krstić

Apple
@radian

Bio

Head of Security Engineering+Architecture (SEAR) at Apple.

Paint it Blue: Attacking the Bluetooth stack

Abstract

Bluetooth has always been considered an attractive target since it is present almost everywhere (TVs, automotive chargers, connected fridges) and especially on mobile devices, where it runs as a privileged process with potential access to the microphone, address book, etc.

In September and October 2023, Android published security bulletins that fixed critical vulnerabilities in their Bluetooth stack (Fluoride) that could lead to remote code execution.

CVE-2023-40129 is an integer overflow vulnerability in the GATT protocol that does not require prior authentication with the target device.

The vulnerability is quite challenging to exploit, as the integer overflow leads to a 64 KB overflow that acts like a tsunami devastating every object in its path, leading to a crash of the Bluetooth daemon.

Recently, at OffensiveCon 2025, the Android Red Team at Google behind the discovery of the bugs presented a PoC exploit for a sibling vulnerability targeting Pixel devices. However, their exploit assumes that ASLR is disabled and that the attacker is already paired with the target device. Attempting to exploit Fluoride looked like a fun challenge to the authors, who managed to exploit it without those assumptions and successfully got remote code execution.

During this talk, the authors will present several Bluetooth features such as ERTM transmission mode and congestion that offer interesting primitives to shape the heap, preventing the 64 KB overflow from crashing the process. More precisely, they will detail their exploitation strategy for both Android native allocators: Scudo and Jemalloc. Finally, they will showcase a demo of the exploit to get remote code execution (interactive shell) over Bluetooth on Samsung and Xiaomi devices.

Speakers

Mehdi Talbi

Synacktiv

Bio

Mehdi Talbi, PhD, is a computer security researcher at Synacktiv. His main interests are vulnerability research and exploit development with a focus on Linux and Android. His previous bio was usurped by North Korea. The original is way better than the copy.

Etienne Helluy-Lafont

Synacktiv

Bio

Etienne Helluy-Lafont, PhD, is a security researcher working at Synacktiv. His main research topics are kernels and wireless stacks. He likes reading XNU's code, but his laptop is running Linux.

ReVault! Compromised by your Secure SoC

Abstract

We all love security, right? And when we trust a security component to safeguard our most valuable assets such as passwords, key material and biometrics, we want to believe it is doing a good job at it. But what happens when this assumption is flawed, and the chip that was going to protect our assets turns against us?

In this talk we’ll present the ReVault attack that targets the ControlVault3 module embedded in over 100 different laptop models from Dell. We will demonstrate how a low privilege user can fully compromise the chip, plunder its secrets, gain persistence on its application firmware and even hack Windows back. Are you ready for the heist?

Speakers

Philippe Laulheret

Cisco Talos

Bio

Philippe Laulheret is a Senior Vulnerability Researcher at Cisco Talos. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex systems and get them to behave in interesting ways. Philippe presented multiple projects covering hardware hacking, reverse engineering and exploitation at DEF CON, Hardwear.io, Eko Party and more. In his spare time, Philippe enjoys playing CTFs, immersing himself in the beauty of the Pacific Northwest, and exploring the realm of Creative Coding. Philippe holds a MSc in Computer Science from Georgia Tech and a MSc in Electrical and Computer Engineering from Supélec (France).

Where the shells land: a forensic perspective on in-the-wild exploitation

Abstract

KEYNOTE

Speakers

Donncha Ó Cearbhaill

Amnesty International
@DonnchaC

Bio

Donncha Ó Cearbhaill (@DonnchaC) is a security researcher and head of the Security Lab at Amnesty International. For over a decade, he has led cutting-edge technical and forensic investigations to expose sophisticated spyware campaigns and other digital threats targeting journalists, activists, and human rights defenders worldwide.

In recent years, Amnesty International's Security Lab has helped uncover more than a dozen in-the-wild exploits targeting iOS, Chrome, Android, and the Linux kernel, in many cases from forensic investigations on the devices of targeted individuals. These forensics findings continue to inform new security defenses, including Apple's Lockdown Mode and Google's Advanced Protection mode for Android.

Landmark investigations from the team, including the Pegasus Project and the Predator Files, have contributed to the growing global awareness and conversation on the ethics and responsibilities of the offensive cyber industry.

Prepare your visit to Hexacon
