Raxis at DefCon 2025

DefCon 33 has come and gone, and the Raxis team was there keeping up with cutting edge exploits for penetration tests, phishing, and PSE.

Categories: , ,

Posted on

By

Brian Tant

Raxis at DefCon 2025

The Raxis team met up at DefCon 33 this past weekend. Always on the cutting edge of ethical & not-so-ethical hacking (what happens in Vegas, stays in Vegas, I suppose), it’s a great way to keep a finger on the pulse of offensive cybersecurity. To protect our customers and keep up to date on the latest pentest and social engineering exploits, we want to know what the bad guys are up to.

A few of the interesting talks, villages, and ideas this year:

  • Maritime Hacking
  • Active Directory to Entra ID
  • Overlooked Attack Surfaces in Apple Devices
  • New Surveillance Camera Attacks
  • EV Charging Exploits
  • Hacking in the Age of AI
  • Abusing Google Services
  • Remote Code Execution and Arbitrary SMS Attacks on 5G & 4G/LTE Routers
  • Mainframe Hacking with SSH
  • Counterfeiting Event Badges and Credentials
  • Lack of Automotive Privacy
  • API Flaws & Control of Cars
  • IoT Security Failures
  • Exposing Private Data from AI Models
  • New DDOS Attacks

Now here are some personal remarks on the experience: For those that have attended DefCon before, most of the list above should look familiar. Between the villages, talks, and workshops, there was something to satisfy any hack-minded seeker. Several talks were concerned with the ever-growing attack surfaces of embedded systems, and of course, the general apathy displayed by society toward them. The RF and Ham Village were good fellowship with other radio nerds. We saw that AI is no longer creeping around the hallways either; it’s front and center asking, “how do you do”? I also attended a fascinating talk on the subject of AI’s role in pentesting. (Spoiler: we’re still not entirely sure how, but it will really be disruptive in the very near future. AI even says so.)

DefCon 33 also indulged us in some of the more practical hacker machination techniques, an area close to my heart. The most memorable was a frightening talk by a surprisingly calm gentleman demonstrating how anyone with a Git account and an SDR can bring about the downfall of critical infrastructure. Okay, that may be an embellishment, but it’s not a big one.

The Policy breakouts were also super engaging with several privacy and digital advocacy headliners sharing news good and also some less so. The take home from this DefCon for me, as it has been in the past, is that we live in a very fragile world, and we depend heavily on fundamentally undependable things. We’re fortunate to have a place recognizing people who are willing to put in the long hours calling out risk. As a grumpy old man looking forward to next year, it also filled me with mischievous joy and hope to see the younger faces walking the halls. The future seems dark indeed, but that’s a good thing. A lot of heroes wear black, after all.

Written by

Brian Tant

Brian brings to Raxis a rich and varied background in Information Technology spanning more than 20 years. Sought after by clients for his unique blend of business acumen and technical prowess, Brian has consistently delivered value to hundreds of organizations spanning the globe throughout his career. Brian is the Chief Penetration Testing Officer for Raxis and currently leads the Raxis Penetration Testing and Social Engineering team.

Human Expertise Outsmarts AI in Pentesting

While AI tools offer speed in detecting known vulnerabilities, they fall short with 20-35% false positives and only 50-65% success on complex threats like business logic flaws, as per mainstream reports from Verizon and OWASP. Human penetration testers at Raxis deliver 85-90% detection rates, precise prioritization, and ethical adaptability, ensuring your organization stays ahead of real-world attacks.

Learn About AI Pentesting

Partner With Raxis

Partnering with Raxis empowers your business with elite penetration testing services, competitive reseller pricing, and recurring revenue opportunities, all backed by a proven track record of excellence and a commitment to staying ahead of evolving cybersecurity threats.

Learn About Raxis Partner

Expert-Led PTaaS

Continuous, expert-led PTaaS combined with advanced automation to uncover and address hidden vulnerabilities, ensuring your business stays ahead of evolving cyber threats while maintaining regulatory compliance.

Learn About PTaaS

Penetration Testing

Tailored, expert-led penetration testing services that uncovers hidden vulnerabilities using real-world hacker techniques, providing actionable insights to strengthen your defenses and protect against sophisticated cyber threats.

Learn About Pentesting

Like what you’ve learned from Raxis?

Contact us to receive an expert-led penetration test, and we’ll also show you step-by-step how to recreate our attack against your own systems.

Article Tags

Categories

, ,

Ready to See Raxis One In Action?

See how we transform traditional pen testing into interactive security intelligence that keeps you informed every step of the way. From real-time attack progression to detailed remediation guidance, Raxis One gives you unprecedented visibility into your security posture as it’s being tested.

Schedule a Demo

More From Raxis

  • How AI Makes Phishing Easy & What to Watch For

    How AI Makes Phishing Easy & What to Watch For
    By Andrew Trexler • May 6, 2025
    Read More

  • Cybersecurity: It’s how to say “Yes.”
    By Mark Puckett • December 31, 2024
    Read More
  • Jason with his friend Daniel handing out badges at OzSec 2024

    Raxis’ Jason Taylor Speaks on Badge Production at OzSec 2024
    By Jason Taylor • October 18, 2024
    Read More
  • Raxis Team at DefCon 32

    Tips to Stay Secure at DefCon 2024
    By Brian Tant • August 9, 2024
    Read More