Black Hat Asia 2025 is on this week at Marina Bay Sands (MBS) in Singapore. It is one of the premiere global cybersecurity and information assurance event for professionals, researchers, and enthusiasts in the Asia pacific region. It is one of the 4 sister events to the larger Blackhat USA. Let’s take a visit.
In a nutshell, Black Hat was established in 1997 as an event and platform offering the representation of the latest in cybersecurity research and trends. This year’s Asia edition, held annually in Singapore, continues this tradition.
Also, the event comprises and offering a blend of technical Trainings, Briefings, and networking opportunities. Cost for trainings is pretty pricey, typically range in the $5,000 range per person for 2-4 day workshops, with the briefing and summit passes typically costing in the $2,500 range. A pass to enter the business hall on the 3rd and 4th days are free.
Summit and Briefings
Furthermore, this year’s event spanned four days of topics covering cyber security and info assurance. It runs from April 1 to April 4 at the MBS 4th-floor ballrooms. The event’s initial two days focused on specialized trainings, catering to various skill levels.
These sessions covered topics like AI Red Teaming, Deepfake Threat Analysis, and Advanced Malware Traffic Analysis. On April 2, the inaugural AI Summit and Financial Services Summit took place. Also, these summits provided insights into the implications of emerging technologies in cybersecurity.
Interesting topis presented
Moreover, the main conference days, which runs on April 3 and 4, featured over 40 different briefings selected by the Black Hat Asia Review Board. Some notable sessions and interesting topics includes sharing a novel method of tracking user browsers and client end settings through the use of CSS conditions, which was typically something done using browser cookies.
Also, there were social engineering topics, ranging from sense-making data collected from unsecured car dashcam video recorders and hacking RFID access cards. It calls for methods to mitigate this to build and design secure system infrastructures.
It is also notable that Blackhat generally has a preference for new fresh research papers. But quality of research does not mean that it calls for an interesting presentation and delivery. Though some were pretty interesting like an RFID talk about accessing and bypassing building electronic access control systems by hardware and social engineering.
Also, Keynote briefing presentations were delivered by Edward Chen and Bunnie Huang. Huang’s talk, “Perspectives on Trust in Hardware Supply Chains,” addressed the complexities of hardware trust.
Also, ballroom names like the Simpor, Roselle and Orchid ballrooms would be names familiar with all attendees after a day of navigating Blackhat Asia 2025. Like first trialed at Blackhat 2019, you scan your badge QR before you attending the briefing to grant entry and track engagement.
However, I found the audience attendance of some briefings tad lacking, especially on the last day of the event. This could be due to most participants only attending the first day of the business hall, and the high cost to attend the event which I come to learn.
Melting pot of Chinese researchers
Notably, there is also a pleasant large Asian presentation here too, which is less seen in USA-based Blackhat. Interestingly, almost half of the briefings on the first day were presented by Chinese university researchers and private companies.
This is a welcome, on top of western speakers, I particularly found the Chinese presentations well-thought out and thorough with good technical depth. However, there were some notable languages barriers with Blackhat Asia 2025 being an English-speaking event, with the speakers not able to present in their native languages. But still, it is refreshing hearing research from non-western perspectives. It does provide in-roads and technical insights of China’s brilliance and their fast maturing quality cybersecurity and info assurance research work.
Lunch and hiccups
Also, albeit of a minor hiccups of the badge printers going out affecting registrations of participants, the event is in generally well organised with quite an international audience too. Lunch was also a highlight with lots of networking chances given the free table seating arrangement in a massive ballroom.
Lunch offers good opportunity to network and learn from other attendees especially during lunch. If you’re attending Black Hat Asia for the first time, don’t just stick to the main stage, but do spend time in the corners. That is where many of the best conversations happen.
For instance, at my lunch table, I learnt about life working in Amazon from a few Seattle-based visitors, as well as chat with some company owners from Israeli and few local public service cybersecurity experts.
Notably, local Singaporean folks tend to be less sociable in briefings and at the table, and tend to gather in their own groups. Also, from the crowd, there is also notable a large Singapore government representation here at Blackhat, with most of the local attendees coming from civil and public service backgrounds.
Arsenal and Business hall
Furthermore, the Business Hall, open on April 3 and 4 served as a hub for networking and exploration of security solutions. It featured exhibits from leading cybersecurity companies and startups, showcasing the latest technologies and services.
Notably, the business hall is tiny in comparison to Blackhat USA. The booth sizes are fixed more most like a cookie cutter exhibition.
There is a good mix of foreign and local company representation. Though we do not see larger companies like Fortinet, Samsung, Cisco or Crowdstrike present.
Also, swag is often a widely talked-about topic in Infosec conferences, as companies try to one-up each other in attendee offerings. But unlike bigger Cyber security conferences overseas, the business hall loot here at Blackhat Asia is also notably non-existent.
Companies like Trend micro and Tiktok booth are the largest here, with the latter being the most popular, giving out Tiktok branded swags like a large tote bag and jacket if you get on board and have your picture taken- a jacket for your likeness and privacy I guess.
Talking about swag, while other Blackhat events gave a backpack to attendees, this year’s official event gift is only a small reusable black cloth bag.
Also, if you are interested in getting official Blackhat swag, the merchandise shop sells a variety, albeit mostly run-of-the-mill Blackhat themed T-shirts, hoodies and hats. Do wait for the 4th day for 50% sales, while stocks last.
Tools of the trade
Still, the Business Hall wasn’t just for handouts and swag. The Arsenal sector here provided technical deep-dives into community-built tools. The small briefing halls, though low-key, delivered intimate and often more candid discussions. Some were repeats, but the smaller audience made a big difference.
Also, one surprising takeaway from the community rooms was how willing people were to share real-world stories. Minimal slides, just lived experience. These weren’t high-production talks, but they were grounded in reality. A tad rough around the edges, yes, but honest and refreshing.
Some tools were familiar, like the Stowaway multi-hop proxy tool, Smuggleshield protection against HTML smuggling, Mobile reconnaissance framework. Several of these tools are available from their own GitHub repos too.
Also, the vibe at Arsenal was relaxed. It was easier to strike up conversations there compared to the main conference floor. I appreciated the direct interaction with tool creators no marketing speak, just raw content. There were even free booze and wine for all arsenal attendees on the last day of the event too.
Community open sharing from experiences
Adjacent to the busy vendor areas were small community briefing halls. These weren’t always part of the formal Briefings schedule, but they offered value in a different way. Some sessions were community-led and centered around niche topics. Examples includes topics of mental health in cybersecurity, workplace diversity, and strategies for staying updated in a fast-moving field.
There are even hands-on lab area, allowing newbies to have a go at “hacking” guided in a structured manner, as well as hardware hacking to drum up interests in the field.
Moreover, the nature of the sharing here at the tend to be less underground in-nature too, as opposed to the Skytalks at Defcon. Still, I found the discussions and presentation here at the Arsenal and Business hall were told from willing people with good field experience.
Also, told are lots of war stories and blood shared from experiences on the field. This is unlike the sharing sessions from Govtech Stack we attended previously, where most presentations were simply hypothetical and sales-pitch presentations.
Free coffee aside, interestingly, a few of these community sessions here at the Business hall theatres were repeats of the main Briefings. That initially seemed redundant, but the format was more intimate. Smaller rooms encouraged open questions and in-depth discussions. The smaller setting felt more conversational, almost like a fireside chat.
Lego activity and Blackhat Asia 2025 NOC area
Wrapping up, the Arsenal area is also home to the “Bricks & Picks” space just off the Hall. The Lego booth is also where open events are held a such as Lego set building as well as lock picking challenge event.
It is a fun distraction after hours of sitting through sessions or walking the expo floor.
Though an odd combo, but surprisingly effective at keeping energy levels up. A highlight is the Blachkat Lego montage, where you can complete small tasks for chances in a lucky draw to win a Blackhat NOC custom Lego set.
Notably, on inspection, the set is made from non-official Lego set, made from authentic Lego parts custom curated into a box set for Blackhat events.
Also the Blackhat Asia 2025 NOC operations panel offered insights to the various attack and threat vectors. It provided a glimpse into how network operations are being run with threat and logs analysis and recommendations of unsecured traffic which passes through the network.
Interestingly, throughout the event are wi-fi access points (APs) placed at multiple points all over the event grounds all running back to the NOC area. These APs are supported by the Blackhat Network operations center team and as a means to collect data throughout the event.
Lastly, the event for this year ends with a keynote talks about the board vetting process of submission talks and papers to be pleased at Blackhat Asia 2025.
All in all, that wraps up our visit and attendance of Black Hat Asia 2025. The conference provided a comprehensive overview of current cybersecurity challenges and innovations. The event fostered knowledge sharing and collaboration among professionals dedicated to advancing the field.
