2025-10-23 –, Vianden & Wiltz
This hands-on workshop complements the talk “Field Guide to Physical Attacks Against Full-Disk Encryption” by guiding participants through a full-chain compromise of a BitLocker-protected Windows system. This isn’t just about sniffing keys, it’s about turning physical access into full control.
Participants will:
- Learn to use a logic analyzer to intercept TPM traffic to extract encryption keys,
- Use those keys to unlock the disk and access system data,
- And escalate privileges to achieve full interactive access on the target machine.
Attendees will walk away having executed every stage of the attack chain, from signal capture to full compromise, on real hardware!
Ever wonder what happens when someone steals a laptop that’s “secure because it’s encrypted”? In this workshop, you’ll find out...by doing it yourself!
You will be handed a powered-off, BitLocker-encrypted laptop and guided through the full attack chain. First, you will capture TPM traffic using provided hardware. Then, you will extract the encryption key, decrypt the drive, and finally gain full system access, without ever knowing the user's password!
No theory. No staged environments. You will work directly with real hardware and proven red team tooling. We will walk you through every step: hardware reconnaissance, signal capture, key recovery, drive decryption, and post-exploitation. You’ll even finish with a local admin shell.
Everything you need is provided: gear, guides, tools, and targets. Just bring a laptop and a healthy dose of curiosity.
You’ll walk away having broken into a locked encrypted laptop without a password... and knowing exactly how and why that’s possible.
Heads-up: To make the most of our limited number of hardware kits, attendance will be limited, and participants will collaborate in small groups (4–5 people) during the hands-on portion. This ensures everyone gets time on the tools without sacrificing depth.
Edouard is a Senior Cybersecurity Advisor at PwC Luxembourg with a strong focus on incident response and digital forensics. A hands-on generalist, he also works across malware reverse engineering, threat hunting, and broader security architecture. Lately, he's been exploring hardware attacks and low-level exploitation, combining field experience with curiosity-driven research. His work bridges the gap between high-level response and deep technical digging — whether in memory, firmware, or signals on a scope.
Hayk is a seasoned penetration tester and red teamer at PwC, with over five years of experience in offensive security.
His work spans complex adversary simulations, assumed breach scenarios, and stealth operations targeting modern enterprise environments.
Driven by a strong curiosity for hardware hacking, Hayk has explored topics like SPI/I2C bus sniffing and BitLocker key extraction, expanding red team capabilities beyond traditional boundaries.