Black Hat USA

August 3rd – 8th

Black Hat USA | Las Vegas, NV

Request a meeting with us at Black Hat USA through the form on the right, and come visit us at our booth #3115! Don’t forget to mark your calendar for Zenity co-founder and CTO, Michael Bargury’s TWO sessions! Details below:

Living off Microsoft Copilot

Time TBA | Session Details

Discover how Microsoft Copilot can be exploited post-compromise by hackers to search for, parse, and exfiltrate sensitive data without generating logs. This comprehensive talk delves into the red-team-level practicality of using Copilot plugins to install backdoors, enabling data theft and AI-based social engineering. Learn how hackers circumvent built-in security controls and use AI against them. We’ll introduce LOLCopilot, a new red-teaming tool designed for ethical hackers to exploit Copilot within any M365 Copilot-enabled tenant. Finally, gain valuable insights into detection and hardening techniques to protect against malicious insiders and threat actors with Copilot access.

Why Join:

Join us to understand the vulnerabilities of Microsoft Copilot from a red-team perspective and learn how to defend against these advanced threats. This session is crucial for security professionals looking to enhance their organization’s resilience against sophisticated attacks leveraging AI and Copilot plugins. Don’t miss the unveiling of LOLCopilot, the latest tool in ethical hacking, and discover actionable strategies to secure your Copilot-enabled environments.

15 Ways to Break Your Copilot

Time TBA | Session Details

Explore the security assumptions behind Microsoft Copilot Studio, the platform that powers Microsoft’s copilots and custom enterprise bots. This talk critically examines whether the promise of secure-by-default holds up under scrutiny. We will demonstrate how Copilot Studio bots can exfiltrate sensitive enterprise data, bypassing existing controls like DLP. Discover how insecure defaults, over-permissive plugins, and flawed design thinking make data leakage not just possible, but probable. We will delve into how Copilot Studio increases the prompt injection attack surface, compromising data integrity and confidentiality.

Witness the debut of CopilotHunter, a powerful recon and exploitation tool that scans for publicly accessible Copilots and leverages fuzzing and GenAI to extract sensitive enterprise data. Our findings, based on thousands of accessible bots, will reveal critical security lapses and corporate credential exposures.

Why Join:

Join us to uncover the vulnerabilities within Microsoft Copilot Studio and learn how to protect your enterprise data from sophisticated attacks. This session is essential for security professionals aiming to secure their Copilot-enabled environments against advanced threats. Gain insights into the configurations and practices to avoid, and discover best practices for building secure and reliable Copilots. Don’t miss the unveiling of CopilotHunter and our in-depth analysis of real-world security weaknesses.


Michael Bargury

Zenity Co-Founder & CTO
