Blackhat.2015 May 2026
One of the most chilling talks came from Matt Graeber, who demonstrated "PowerShell for Offense." He showed that PowerShell could be used to load malware directly into memory without ever touching the disk. Traditional AV was blind to it. This technique—living off the land—became the standard for every APT group post-2015.
There was one story that escaped the confines of the Mandalay Bay convention center and exploded across mainstream news: The remote hack of a Jeep Cherokee.
Security researchers Charlie Miller and Chris Valasek took the stage at BlackHat.2015 to deliver what is arguably the most impactful car hacking presentation ever given: "Remote Exploitation of an Unaltered Passenger Vehicle."
In 2015, the duo demonstrated a remote exploit that required no physical access to the vehicle. Using a cellular connection (Sprint’s network), they exploited the Uconnect system to send CAN bus commands directly to the engine, brakes, and steering wheel. blackhat.2015
The demo was visceral. Watching a journalist drive helplessly while Miller manipulated the AC, radio, and eventually cut the transmission on a busy highway was the "E-Trade baby" moment of cybersecurity. Within 48 hours, Fiat Chrysler recalled 1.4 million vehicles. It was the first mass recall in history solely due to a cybersecurity vulnerability.
Why it mattered for blackhat.2015: It moved the threat model from "data theft" to "physical safety." Suddenly, a buffer overflow didn't just leak credit cards; it killed the brakes.
The "Patch" Keynote: Jennifer Granick, the Director of Civil Liberties at the ACLU, delivered the opening keynote titled "The End of the Internet." It was a philosophical and urgent talk about how the internet was becoming fractured, surveilled, and controlled. She argued against government mandates for backdoors and highlighted the tension between security research and criminal law. One of the most chilling talks came from
The Chrysler/Jeep Hack: While the research was presented by Charlie Miller and Chris Valasek, the publicity hit its peak right around the conference. They demonstrated a remote attack on a Jeep Cherokee over the internet (via the Uconnect system) that allowed them to cut the transmission and control steering.
Juniper Networks and Cisco took heavy fire. Researchers revealed backdoors and hard-coded credentials in numerous SOHO (Small Office/Home Office) routers. If you thought your edge device was safe because it was "enterprise grade," blackhat.2015 was the bucket of ice water proving otherwise.
Black Hat 2015 wasn't just about bits and bytes. The "Human Factor" track highlighted the rise of "Vishing 2.0." There was one story that escaped the confines
Researchers presented data showing that while email phishing detection had improved (thanks to DMARC and user training), voice phishing (vishing) was back. Using automated voice synthesis and publicly available LinkedIn data, hackers could spoof a CEO’s voice to the CFO and wire money instantly.
The term "Whaling" (targeting C-suite executives) entered the common vernacular at this show.
Beyond the consumer threats, BlackHat.2015 served as the coming-out party for state-sponsored cyber-espionage. Kaspersky Lab presented the findings of "Project Sauron" (aka Remsec).
Unlike the flashy car hack or the mobile vulnerability, Sauron was about silence. The presentation detailed a sophisticated modular backdoor designed to live off the land—using legitimate system administration tools to hide its presence. It specifically targeted government institutions, telecommunications companies, and financial entities in Russia, Iran, and Europe.
BlackHat.2015 showcased that the cyber arms race had matured. The days of "script kiddies" were over; this was intelligence agency infrastructure colliding with corporate networks.