Several talks targeted the encryption that held the web together. With the discovery of Logjam and the continued exploitation of FREAK (Factoring Attack on RSA-EXPORT Keys), researchers showed that a nation-state could downgrade a "secure" HTTPS connection to 512-bit export-grade crypto in minutes.
For the attendees of blackhat.2015, the message was clear: Encryption is only as strong as the oldest protocol you support.
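A defender-side check for the point above, as an added example that is not part of the original article: it parses a cipher listing in the `openssl ciphers -v` layout and flags the suites that keep a FREAK or Logjam downgrade possible. The sample listing, the 2048-bit threshold and every function name are assumptions made for illustration.

```python
import re

# Constructed sample in the layout printed by `openssl ciphers -v` on an
# OpenSSL 1.0.x build that still includes export suites (not from the page).
SAMPLE = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
"""

FIELD = re.compile(r"\b(Kx|Au|Enc|Mac)=([A-Za-z0-9/]+)(?:\((\d+)\))?")
MIN_DH_BITS = 2048  # assumption: the group size the Logjam authors recommend


def parse_suite(line):
    """Split one listing row into suite name, key exchange and export flag."""
    tokens = line.split()
    fields = {key: (alg, int(bits) if bits else None)
              for key, alg, bits in FIELD.findall(line)}
    return {
        "name": tokens[0],
        "kx": fields["Kx"][0],
        "kx_bits": fields["Kx"][1],  # a size is printed only on export rows
        "export": tokens[-1] == "export",
    }


def audit(listing, dh_param_bits):
    """Return (suite, finding) pairs for every downgrade-relevant suite."""
    findings = []
    for line in filter(str.strip, listing.splitlines()):
        suite = parse_suite(line)
        if suite["export"] and suite["kx"] == "RSA":
            findings.append((suite["name"], "freak: RSA_EXPORT key exchange"))
        elif suite["export"] and suite["kx"] == "DH":
            findings.append((suite["name"], "logjam: DHE_EXPORT key exchange"))
        elif suite["kx"] == "DH" and dh_param_bits < MIN_DH_BITS:
            findings.append((suite["name"], f"weak DH group: {dh_param_bits} bits"))
    return findings


def export_floor_bits(listing):
    """Smallest export key-exchange size offered, or None if there is none."""
    rows = [parse_suite(l) for l in filter(str.strip, listing.splitlines())]
    sizes = [r["kx_bits"] for r in rows if r["export"] and r["kx_bits"]]
    return min(sizes) if sizes else None


if __name__ == "__main__":
    for name, finding in audit(SAMPLE, dh_param_bits=1024):
        print(f"{name}: {finding}")
```

The `dh_param_bits` argument is the size of the Diffie-Hellman group the server is configured with, which the cipher listing itself does not show for non-export DHE suites.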
In previous years, bug bounties were seen as cheap stunts by startups. In 2015, the scales tipped. Microsoft and Google hosted massive "hack the pentagon" style side events. The atmosphere shifted from "hackers vs. vendors" to "researchers subsidized by vendors."
The secondary market for zero-days also matured. The Zerodium booth at the conference (founded in 2015) famously posted a sign offering $1 million for a "Tor anonymity network zero-day." For the first time, hacking wasn't a hobby; it was a commodity futures market.
Searching for blackhat.2015 today (2025) yields a nostalgic time capsule. Why does this specific year still dominate threat intelligence reports?