BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.pass-the-salt.org//pts2026//talk//RVFD8B
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-pts2026-RVFD8B@cfp.pass-the-salt.org
DTSTART;TZID=CET:20260701T155500
DTEND;TZID=CET:20260701T163000
DESCRIPTION:BitLocker without a pre-boot PIN is widely deployed across ente
 rprise environments and often considered a sufficient protection against p
 hysical access attacks. In practice\, several techniques can defeat it\, i
 ncluding long known hardware attacks\; the bitpixie PXE-based software att
 ack published in early 2025\; and a boot manager downgrade attack we devel
 oped that exploits the slow rollout of Microsoft's UEFI CA 2023 certificat
 e transition to revive a patched vulnerability (CVE-2025-48804) on fully u
 pdated machines.\n\nThis talk is a practitioner's field report. Drawing fr
 om real penetration testing engagements\, we compare hardware and software
  attacks across the dimensions that matter in the field — setup time\, r
 equired hardware\, risk to the target device\, success rate\, and post-exp
 loitation impact. We walk through the open-source PoCs we developed to ope
 rationalize bitpixie and the BitUnlocker downgrade attack\, and share hone
 st observations on the effectiveness of recommended mitigations in real-wo
 rld enterprise configurations.\n\nSee https://github.com/garatc/BitUnlocke
 r
DTSTAMP:20260514T102939Z
LOCATION:Amphitheater 122
SUMMARY:Bypassing BitLocker in under 5 min using boot manager downgrade att
 acks - Cassius Garat (Intrinsec)
URL:https://cfp.pass-the-salt.org/pts2026/talk/RVFD8B/
END:VEVENT
END:VCALENDAR