Black Hat Europe 2025 | A crash course in revealing insecure blind spots for DoS & DDoS
Domain Controllers (DCs) are organizations' crown jewels. A successful Denial-of-Service (DoS) attack against them can terminate authentication processes and cause widespread disruption. Our previous LdapNightmare research, the first public pre-auth DC DoS exploit for CVE-2024-49113, revealed that DCs can be turned into LDAP clients by communicating with their NetLogon RPC server. These clients could then be crashed by a single invalid value they receive. This taught us that remotely triggered client code is a blind spot that overtrusts.

Eager to find other blind spots in servers on DCs, we asked: what will make server code overtrust? Abstraction layers! We realized that although common server code nowadays mostly mitigates classic server risks, that may be untrue when it is transport-agnostic, uses heavy abstractions, and focuses mostly on the application's logic.

Starting by targeting remotely triggered LDAP client code, we found a vulnerability that denies service from DCs, or alternatively can be exploited to manipulate them into joining a DDoS botnet attack. Then, we moved on to target Windows' most common transport-agnostic wrapped server code: RPC functions. By exploiting security gaps in RPC bindings, we developed novel techniques that allow hammering a single RPC server tens of thousands of times simultaneously from a single system, far surpassing standard concurrency limits! And WOW - this armed us beyond our expectations, with vulnerabilities crashing any form of Windows, both servers and endpoints! Our blind spot hypothesis turned out to be the reality.

In this talk, we'll present "Win-DoS" - a set of tools exploiting 30 DoS vulnerabilities we discovered in Domain Controllers and Windows endpoints. Most vulnerabilities do not require any authentication, and one allows not only a crash but also effortlessly initiating a botnet that harnesses the upload rates and vast resources of any public DCs to participate in DDoS attacks.
By:
Or Yair | Security Research Team Lead, SafeBreach
Shahak Morag | Security Researcher

https://blackhat.com/eu-25/briefings/...

