It’s August in Las Vegas, which can only mean two things: scorching desert heat and the organised chaos of Defcon. This year, Fortian’s leadership, Barry Schramm, Marcus Wong, and Jason Wood, made our annual pilgrimage to Defcon 33, joining more than 30,000 fellow security professionals, hackers, and curious onlookers for three days of talks, demos and the occasional surprise.
We head to Defcon for one key reason: to keep our finger on the pulse of the latest security research and developments. The threats our customers face don’t stand still, and neither can we. We want to see these security developments first-hand so we can bring that knowledge home and put it to work.
However, it’s not all serious note-taking. We’re also there for the entertaining talks, to reconnect with old friends and colleagues (shoutout to Claude, Ben, Jerry and Christian!), and to have those unexpected chats with random strangers that lead to new insights. We also go to soak up the passion, energy, and creativity that makes the security community unique.
In this post, we want to share some of the more interesting and useful talks we attended, along with links to the presentation materials and papers so you can explore them in more detail. Videos of the talks are generally released on YouTube (eventually) and we will link to these when available.
Our top talks (in no particular order) are as follows:
HTTP/1.1 Must Die! The desync endgame: James Kettle has been waging a battle to see the end of HTTP/1.1 for quite some time, and keeps turning up with new reasons to support the cause. This year was no exception, with James continuing to find novel ways to abuse it, including running an accidental desync attack on Cloudflare’s internal infrastructure. (Link)
Turning MS login page to our phishing infrastructure: Phishing is an ever-present issue, but one of the defences we do have is users identifying that the site they are being sent to isn’t legitimate. Keanu Nys has come up with some novel ways to “fix” that problem if you’re a phisher by (ab)using the Entra ID login page in a variety of ways. In many cases these cannot easily be addressed by Microsoft, nor detected by blue teams. (Defcon paper)
Advanced Active Directory to Entra ID lateral movement techniques: Dirk-Jan Mollema started with a short review of existing known attacks and accompanying mitigations against Entra ID in hybrid environments, and then moved on to some novel policy and Exchange-based attacks. If you’re running Exchange on-prem and Exchange Online and haven’t yet split the Service Principals, now is the time to do so. (Defcon paper, Microsoft blog post)
Claude: climbing a CTF scoreboard near you. It wouldn’t be a security conference these days without some focus on AI. In this talk, Keane Lucas from Anthropic’s Frontier Red Team shared the results of experiments using the Claude AI assistant to compete in real-world Capture the Flag and cyber defense events. With the right prompts, tools, and sometimes multi-agent setups, Claude rapidly solved many beginner-to-intermediate challenges, sometimes outperforming human teams early on. However, it struggled with tasks requiring specialised tools, long-term context, or strategic patience, occasionally making mistakes such as inventing flags or trying to bypass competition rules. The results showed that while AI can already be a capable CTF teammate, it still has clear limits in persistence, memory, and complex decision-making. We think this is likely to change pretty quickly, and soon AIs like Claude will be capable of boosting a security company’s speed and capability in both offensive and defensive operations. (Defcon paper)
Invitation is all you need! Invoking Gemini for workspace agents using a simple Google Calendar invite. Still on the theme of AI, researchers Ben Nassi, Stav Cohen, and Or Yair showed how a Google Calendar invite can be weaponised to hijack Google’s Gemini AI, launching “Targeted Promptware” attacks that delete events, exfiltrate emails, send spam, and even control smart-home devices. Their very cool proof-of-concept blended AI prompt injection with real-world automation abuse and turned an everyday productivity tool into a significant attack vector. Google has since added filters, detection, and user confirmations, but the talk remains a standout example of AI integrations becoming unexpected security gaps. (Defcon paper, online papers here and here)
Cash Drugs and Guns: Why your safes aren’t safe. We love talks that involve reverse engineering firmware and hacking hardware to bypass physical security measures, as they remind us that cyber security requires a holistic approach that must include physical considerations. In this talk, security researchers Mark Omo and James Rowley demonstrated two attacks through firmware analysis and hardware hacking: one exploiting default recovery codes, the other accessing a hidden debug port that could open a safe in minutes. They even developed specialist hardware to do so. These vulnerabilities affect a popular brand of locks that is used in everything from home gun safes to retail narcotics storage. While the flaws can be mitigated by changing default settings, many users never do, and believe it or not, the manufacturer’s initial suggested remedy was to purchase newer models. (Defcon paper, Wired article)
Defcon never disappoints. The talks this year covered an incredible range of ideas and challenges and we’ve only touched on a handful of the talks we managed to get to. There were plenty more we missed that would have been just as interesting. The insights we did bring home are already sparking ideas about how to tackle emerging threats.
More than anything, Defcon is a reminder that security is a team sport, built on passion, shared knowledge, curiosity, and a willingness to experiment. We’ll be keeping an eye on how these projects develop and are already counting down to Defcon 34.