CanSecWest2025_newtype

The LaunchAnywhere vulnerability in Android has been a significant security concern, enabling unprivileged applications to escalate privileges and invoke arbitrary protected or privileged activities. Despite extensive mitigation efforts by Google, such as introducing destination component checks via the resolveActivity API, these defenses have proven insufficient. In this talk, we introduce BadResolve, a novel exploitation technique that bypasses these checks using TOCTOU (Time of Check to Time of Use) race conditions. By controlling previously unforeseen parameters, BadResolve allows attackers to exploit Android's Intent resolution process, reintroducing LaunchAnywhere vulnerabilities.

We demonstrate how BadResolve works in practice, providing instructions for exploiting race conditions with 100% reliability, allowing unprivileged apps to invoke privileged activities. Our research also uncovers new CVEs that affect all Android versions, highlighting ongoing risks such as silent app installations, unauthorized phone calls, and modifications to critical system settings.

Additionally, we present a novel approach combining Large Language Models (LLMs) with traditional static analysis techniques to efficiently identify such kind of vulnerabilities in Android and OEM’s opensource and closed-source codebases.

AI is everywhere. From help bots to logistics systems to your car, it seems like every software company wants every new feature they release to include AI. But how do we keep it secure? In this session, we will discuss the threat landscape for AI systems.

As cybersecurity threats continue to escalate in complexity and frequency, organizations increasingly rely on automation to enhance their defenses. Security Orchestration, Automation, and Response (SOAR) platforms have emerged as powerful tools for streamlining operations and reducing the burden of repetitive tasks on security teams. However, implementing SOAR is not without its challenges. This presentation will explore the common challenges organizations encounter when deploying SOAR and provide actionable strategies to overcome them. By examining real-world scenarios and best practices, attendees will gain insights into managing expectations, developing effective playbooks, addressing training and adoption barriers, and ensuring seamless integration with existing tools such as Security Information and Event Management (SIEM) systems. The session will cover practical approaches to conducting readiness assessments, planning phased rollouts, and measuring success to ensure that SOAR implementations deliver tangible results. Additionally, lessons learned from successful deployments will be shared to help participants avoid common pitfalls and realize the full potential of SOAR in their security operations. Common SOAR Pain Points to discuss: Integration challenges with existing tools and technologies, such as SIEMs and threat intelligence platforms. Misaligned expectations between stakeholders and technical teams. Automation pitfalls, including over-automation and inadequate planning. Training and adoption barriers within security teams. Maintaining playbook relevance in evolving threat landscapes. Intended Audience: This session is designed for cybersecurity managers, SOC analysts, engineers, and other professionals who are considering or actively planning to implement SOAR solutions in their organizations. It will provide valuable insights into overcoming implementation challenges and maximizing the benefits of SOAR to streamline operations and enhance incident response capabilities.

As deepfake technology rapidly evolves, its application in social engineering has reached a new level of sophistication. This talk will explore a real-world red team engagement where AI-driven deepfake voice cloning was leveraged to test an organization’s security controls. Through extensive research, we examined multiple deepfake methods, from video-based impersonation for video calls to voice cloning for phishing scenarios. Our findings revealed that audio deepfakes were the most effective and hardest to detect by human targets.

In this engagement, we successfully cloned a CTO’s voice using audio samples extracted from a publicly available podcast interview. A trained AI model was then developed to convincingly replicate the executive’s voice. This model was deployed in a social engineering campaign targeting the organization’s helpdesk, who believed I was their Chief Technology Officer for about 11 minutes.

This talk will provide attendees with an in-depth look at how threat actors exploit deepfake technology, the technical process of voice cloning, and the implications for enterprise security. We will also discuss countermeasures and detection techniques that organizations can implement to mitigate these emerging threats.

The once theoretical AI bogeyman has arrived—and it brought friends. Over the past 12 months, adversaries have shifted from exploratory probing to weaponized exploitation across the entire AI stack, requiring a fundamental reassessment of defense postures. This presentation dissects the evolution of AI-specific TTPs, including advancements in model poisoning, LLM jailbreaking techniques, and the abuse of vulnerabilities in ML tooling and infrastructure. One of the most concerning recent developments relates to architectural backdoors, such as ShadowLogic. Last year, we discussed the use of serialization vulnerabilities to execute traditional payloads via hijacked models, but ShadowLogic is quite a different beast. Instead of injecting easily detectable Python code to compromise the underlying system, ShadowLogic uses the subtleties of machine learning to manipulate the model’s behavior, offering persistent model control with a minimal detection surface. Attacks against generative AI have also stepped up, with threat actors devising novel techniques to bypass AI guardrails. Multimodal systems add to the attack surface, as indirect prompt injection is now possible through images, audio, and embedded content—because nothing says "secure by design" like accepting arbitrary input from untrusted users! The cybercrime ecosystem is naturally adapting to the shifting priorities, and AI-focused hacking-as-a-service portals are popping up on the Dark Web, where adversaries turn carefully guardrailed proprietary LLMs into unrestricted content generators. Even Big Tech is playing whack-a-mole with its own creations, with Microsoft's DCU recently taking legal action against hackers selling illicit access to its Azure AI. Finally, AI infrastructure itself is proving increasingly prone to attack. The number of ML tooling vulnerabilities has surged, fueled by arbitrary code execution flaws that could allow attackers to take over AI pipelines. GPU-based attacks are also on the rise, allowing for sensitive AI computations to be extracted from shared hardware resources. As these threats continue to evolve, defenders must shift from reactive fixes to proactive security-by-design approaches to mitigate the growing risks AI systems face today.