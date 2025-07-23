BOSTON, July 23, 2025 (GLOBE NEWSWIRE) -- Today, Rapid7, Inc. (NASDAQ: RPD), a leader in threat detection and exposure management, announced its dynamic speaker lineup from Rapid7 Labs for Black Hat USA 2025 and DEF CON 33, taking place in Las Vegas this August. Conference organizers selected these speakers’ abstracts from among hundreds of submissions to showcase their groundbreaking research on emerging threats and vulnerabilities, complete with live demos of attack techniques and tools.

Rapid7 Labs stands at the forefront of cybersecurity innovation, providing teams with a community-driven approach to security with open-source tools and research-informed, curated intelligence so they can more effectively identify, assess, and mitigate threats. Earlier this year, Rapid introduced Intelligence Hub , which unifies global threat intelligence expertly curated by Rapid7 Labs researchers.

Rapid7 Labs Session Lineup

The knowledge Rapid7 Labs speakers will share at this year’s Black Hat and DEF CON represents the company’s 25 years of security program expertise, enabling session attendees to proactively address today’s most pressing cybersecurity challenges.

Metasploit's Latest Attack Capability and Workflow Improvements

Date & Time: Wednesday, August 6 | 11:00 AM - 11:55 AM PDT

Location: Business Hall, Arsenal Station 6

Conference: Black Hat 2025

Track: Exploitation and Ethical Hacking

Presented by Rapid7’s Spencer McIntyre, Senior Security Research Manager, and Jack Heysel, Senior Security Researcher, this Arsenal session showcases Metasploit's latest capabilities, including SMB-to-LDAP and SMB-to-HTTP relaying, expanded support for Active Directory Certificate Services (AD CS) attacks, and new process injection techniques like "PoolParty." Attendees will see demonstrations of how to detect and exploit ESC vulnerabilities, retrieve privileged credentials, and execute lateral movements in complex domain environments.

Akheron Proxy — Interchip Communication Serial Proxy

Date & Time: Wednesday, August 6 | 11:00 AM - 11:55 AM PDT

Location: Business Hall, Arsenal Station 9

Conference: Black Hat 2025

Track: Hardware/Embedded

In this Black Hat Arsenal Session, Deral Heiland, Principal Security Researcher (IoT) at Rapid7, and Matthew Kienow, Vulnerability Researcher at runZero, will discuss security testing methods via Akheron proxy, a serial communication proxy application tool designed to connect and proxy serial communication between microprocessors on a hardware circuit board. In this live demonstration, Heiland and Kienow will walk through how Akheron proxy allows embedded device testers to capture, decode, replay, and fuzz serial communications flowing between microprocessors on an embedded device circuit board in real time.

Weaponization of Cellular-Based IoT Technology — Leveraging Smart Devices to Gain a Foothold

Date & Time: Thursday, August 7 | 3:20 PM - 4:00 PM PDT

Location: Oceanside C, Level 2

Conference: Black Hat 2025

Tracks: Hardware/Embedded, Network Security

In this 40-minute briefing, Rapid7’s Deral Heiland, Principal Security Researcher (IoT), and Carlota Bindner, Lead Product Security Researcher at Thermo Fisher Scientific, will provide an analysis of how adversaries exploit IoT devices with built-in cellular technology. The session will include live demonstrations as well as discussions on mitigation techniques for manufacturers to address the risks and impacts associated with the demonstrated attacks.

DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks

Date & Time: Friday, August 8 | 2:00 PM PDT

Location: Las Vegas Convention Center, Level 1

Conference: DEF CON 33

Ryan Emmons, Security Researcher at Rapid7, will present his findings on a critical vulnerability in Synology NAS devices, revealing how unauthenticated attackers could achieve root-level remote code execution on millions of devices. The presentation will also feature a novel Linux exploitation technique that earned recognition and awards in Pwn2Own 2024.

“Between Black Hat and DEF CON, we are thrilled to have four extremely talented security researchers presenting this year,” said Raj Samani, chief scientist at Rapid7. “But even beyond that, these two annual conferences are an important time for the Rapid7 Labs team to connect with the community, exchange actionable insights, and address shared challenges together. These face-to-face interactions are critical for fostering the collaboration we all need to enable more secure customers and a safer society.”

Rapid7 at Black Hat USA and DEF CON

Black Hat USA 2025 will take place from August 2 to August 7, featuring cutting-edge research and expert-led discussions. DEF CON 33 , running from August 7 to August 10, continues its legacy of fostering hands-on technical exploration and community collaboration in information security.

Attendees at Black Hat and DEF CON are invited to join sessions featuring Rapid7 speakers to gain exclusive insights into the latest threats. For other ways to interact with Rapid7 August 6-7 in Las Vegas, visit the Rapid7 Black Hat 2025 information page .

