BlueHat IL 2026 - Oran Avraham, Ori Lahav - Exploiting Zero-Days via PostgreSQL Internals

In this presentation, we introduce the audience to the world of vulnerabilities in AI orchestration platforms. We researched some of the key players - Langflow, n8n, and Activepieces - uncovering multiple zero-day vulnerabilities across these ecosystems. We will show an RCE, a .tar symlink vulnerability in a chatbot turned into server takeover, and how knowing database internals and system design turns simple vulnerabilities into powerful attacks: A single mistake in JWT token validation forces an underlying ORM to drop WHERE conditions and return random files. To exploit this leak more reliably, we explore PostgreSQL internals, specifically sequential scans, and implement "heap-shaping" techniques within the PostgreSQL physical storage. Knowing system internals still matters in the new world of AI software.

BlueHat IL 2026 - Ezra Caltum, Anders Fogh - Life and death of a CPU bug
▶︎

BlueHat IL 2026 - Ezra Caltum, Anders Fogh - Life and death of a CPU bug

BlueHat IL 2026 - Michal Kamensky, Amir Gombo - Hybrid Cloud: A Novel Vulnerability Playground
▶︎

BlueHat IL 2026 - Michal Kamensky, Amir Gombo - Hybrid Cloud: A Novel Vulnerability Playground

Discover a Hands-Off Approach to Endpoint Management
▶︎

Discover a Hands-Off Approach to Endpoint Management

The Database That Should Be Dead but Runs the Internet
▶︎

The Database That Should Be Dead but Runs the Internet

BlueHat IL 2026 - Dan Lahav - Keynote - The Trajectory of Frontier AI Security
▶︎

BlueHat IL 2026 - Dan Lahav - Keynote - The Trajectory of Frontier AI Security

Illia Polosukhin
▶︎

Illia Polosukhin

Co-Creator of Haskell: Functional Programming, Thinking in Types, Useless Languages | Simon Jones
▶︎

Co-Creator of Haskell: Functional Programming, Thinking in Types, Useless Languages | Simon Jones

BlueHat IL 2026 - Avi Lumelsky - Leveraging AI Architecture for RCE Across Leading Inference Servers
▶︎

BlueHat IL 2026 - Avi Lumelsky - Leveraging AI Architecture for RCE Across Leading Inference Servers

BlueHat IL 2026 - Alon Livne, Matan Mansheroff - Two Tales of hacking 90s MS-DOS Software
▶︎

BlueHat IL 2026 - Alon Livne, Matan Mansheroff - Two Tales of hacking 90s MS-DOS Software

BlueHat IL 2026 - Daniel Bachmat - The Secret War for the Spectrum
▶︎

BlueHat IL 2026 - Daniel Bachmat - The Secret War for the Spectrum

Something is jamming GPS over Europe. Here's what we found
▶︎

Something is jamming GPS over Europe. Here's what we found

BlueHat IL 2026 - Shahar Tal, Yarden Porat - Déjà Vuln: When Classic Exploits Hit AI Agents
▶︎

BlueHat IL 2026 - Shahar Tal, Yarden Porat - Déjà Vuln: When Classic Exploits Hit AI Agents

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!
▶︎

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!

BlueHat IL 2026 - Maor Abutbul - Why-So-QUIC!? Racing and Fuzzing HTTP/3 WebApps using QuicDraw-UI
▶︎

BlueHat IL 2026 - Maor Abutbul - Why-So-QUIC!? Racing and Fuzzing HTTP/3 WebApps using QuicDraw-UI

I Built a Two Story Forest House in 15 Days with No Money: Solo Bushcraft Survival (Full)
▶︎

I Built a Two Story Forest House in 15 Days with No Money: Solo Bushcraft Survival (Full)

BlueHat IL 2026 - Nati Tal, Shaked Chen - When AI Browsers Talk Too Much
▶︎

BlueHat IL 2026 - Nati Tal, Shaked Chen - When AI Browsers Talk Too Much

Andrej Karpathy: From Vibe Coding to Agentic Engineering w/ Stephanie Zhan
▶︎

Andrej Karpathy: From Vibe Coding to Agentic Engineering w/ Stephanie Zhan

BlueHat IL 2026 - David Driker, Yuval Sadowsky - VoidLink Internals
▶︎

BlueHat IL 2026 - David Driker, Yuval Sadowsky - VoidLink Internals

BlueHat IL 2026 - Netanel Ben Simon, Alon Leviev - Attacking and Securing Windows Recovery
▶︎

BlueHat IL 2026 - Netanel Ben Simon, Alon Leviev - Attacking and Securing Windows Recovery

BlueHat IL 2026 - Gal Bar Nahum - How HTTP/2 Lets Dead Streams Keep Servers Working
▶︎

BlueHat IL 2026 - Gal Bar Nahum - How HTTP/2 Lets Dead Streams Keep Servers Working