Field guide to physical attacks against full-disk encryption
2025-10-23, Europe

How safe is your “encrypted” laptop when someone walks off with it?

Full-disk encryption (in particular BitLocker) is now standard on Windows 11 machines, silently protecting everything from corporate endpoints to personal devices. But in the real world, does it truly hold up against physical access attacks?

This session is for defenders, red teamers, and anyone who’s ever been handed a laptop and told, “Don’t worry, it’s encrypted.”

This talk is a 2025 field guide to practical techniques for bypassing BitLocker, drawn from our own hands-on experience during real-world red team engagements and built on publicly documented attack techniques.

We will focus on what actually works in the field, setting aside the techniques that are too hardware-specific, outdated and patched, or only achievable under lab conditions.

Along the way, we will break down how BitLocker works under the hood, covering key components like the TPM, boot process, and key management, and give context for the following attacks:

  • TPM sniffing
  • Direct Memory Access (DMA)
  • Bitpixie

We will also take a reality check on more exotic vectors like cold boot attacks and Intel DCI. We will walk through where these techniques worked for us in practice, where they failed, and what challenges we encountered along the way.

Red teamers will learn quick, effective methods for gaining initial access and privilege escalation on end-user devices. This will be supported by insights into tooling, setup requirements, reliability, ease of execution, and post-exploitation considerations.

Blue teamers will come away with a realistic view of the current risks and threat landscape, along with an overview of available mitigations, including those introduced by Microsoft and hardware vendors in recent years.

A live demo will illustrate the practical impact of one of the featured attacks and reinforce the importance of context-aware defenses.

Edouard is a Senior Cybersecurity Advisor at PwC Luxembourg with a strong focus on incident response and digital forensics. A hands-on generalist, he also works across malware reverse engineering, threat hunting, and broader security architecture. Lately, he's been exploring hardware attacks and low-level exploitation, combining field experience with curiosity-driven research. His work bridges the gap between high-level response and deep technical digging — whether in memory, firmware, or signals on a scope.

Hayk is a seasoned penetration tester and red teamer at PwC, with over five years of experience in offensive security. His work spans complex adversary simulations, assumed breach scenarios, and stealth operations targeting modern enterprise environments. Driven by a strong curiosity for hardware hacking, Hayk has explored topics like SPI/I2C bus sniffing and BitLocker key extraction, expanding red team capabilities beyond traditional boundaries.