The talk is about attacks used by advanced threat actors with long periods of physical access to compromise stolen laptops. This can, and should, be emulated by mature organizations via pentesting to understand the risks in modern times against their standardized laptop imaging and hardware setup.

First, I will talk about WHY we care to do this. This means, briefly showing what kind of secrets you can get from a compromised stolen laptop if you DO compromise it. Starting from here "justifies" the interest in the content that will follow. I show simply that an attacker with SYSTEM on a stolen laptop can access sensitive files of all the users (as expected) but ALSO extract secrets that can affect a SCOPE change. I.e. it is possible to extract cookies, certificates, and credentials belonging to different target environments. Some examples are : Active Directory user or machine account credentials, Primary Access / Refresh tokens belonging to cloud accounts, certificates used to authenticate to corporate wifi networks, etc.
The idea of the intro, is just to make people realize that a stolen, compromised laptop can give access to much more than just the laptop. And at minimum, it will escalate an initial access to an internal environment into credentialed access to that environment. At worse, it can lead to lateral movement and escalation of privilege from the start.

Once the value has been discussed, we can move on to the MAIN topic. This will be : familiarizing the audience with modern physical attacks and their implementation (with examples). The presentation is broken down into segments where I progressively "add" countermeasures to make the target more and more realistic, and explain at each stage how this countermeasure can be defeated.

I skip quickly over how in the past, before BitLocker, it was very easy to pwn unencrypted PC's. This doesnt work anymore, because of BitLocker. I talk briefly about encryption at rest and TPM usage by most modern organizations. I discuss the very real shortfall of relying ONLY on TPM for decryption. This is a key point during the talk. OK, so we need to attack something else. And that target is Memory.

We start with explaining the hardware used to do Direct memory access. What is PCI-express technology and how does it work / why does it exist. The PCIe ports and various form-factors (m.2) encountered on modern laptops. How we interface with them. What an FPGA board (screamer) is and how we use it.

Then we talk about how the board can pwn unprotected laptop using PCILeech firmware / software and MemProcFS. With examples showing how easy this is and the hardware setup.

Now we add some countermeasures into the mix. We discuss the main countermeasures against DMA attacks, DMA protection and IOMMU implementations. Where are these countermeasures configured? Answer = In UEFI !

So we talk about UEFI, and how an attacker with access to it can TURN THESE OFF. This enables DMA. We are now back to pwned. The solution is use a UEFI PASSWORD :) Done? No sir!

Now we talk about UEFI security. Specifically, where is UEFI stored on the motherboard (EEPROM) and how to attackers interact with the firmware (universal programmer, extract physically). We talk about how you can read BIOS/UEFI data on a PC with open source tooling like UEFItools. I talk about NVRAM sections not protected by bootguard, and DXE driver sections that can contain interesting data like hardware whitelists (which we can get from decompiling IDA / Ghidra etc). I briefly discuss some sensitive findings I have made (0days) allowing attackers to PATCH firmware and bypass UEFI passwords altogether (these will be redacted heavily). I also discuss rollback attacks to downgrade firmware to exploitable deprecated versions allowing attacks to occur in cases where other options fail.
This sections terminates with us having defeated UEFI password and gaining access to the pre-boot configuration. The point is not to show explicitly how, but to give the methodology as to how we can do this here.

Ok, so we can modify UEFI settings again. We disable the DMA countermeasures. Do we win? Not yet. We get prompted for BitLocker recovery key! I explain why. I discuss how BitLocker and the TPM work to protect to OS by forcing use of a recovery key when preboot config options have been changed. I then explain how we can BYPASS this behaviour with certain crafty configuration changes which effectively NEUTER the proper functioning of the IOMMU on various modern platforms (Lenovo, HP, etc.). We can effectively disable DMA countermeasures in some cases, without triggering BitLocker recovery!

This leads to the final scenario. We enable ourselves to perform DMA attacks against the pre-boot environment.
The target :
1) Is Encrypted with BitLocker
2) Uses TPM for decryption
3) Had DMA countermeasures enabled in UEFI
4) Had a UEFI password protecting its settings from changes
5) we disabled the the UEFI password
6) We disabled IOMMU
7) We enabled DMA attack during pre-boot only

BUT, DMA protection is still enabled for the operating system, and I demonstrate how existing tooling (PCIleech) will cause bluescreens when using the preboot exploitation modules BECAUSE of communication between the UEFI implant and the OS triggering DMA protection features !

I now show the solution, FirstStrike ! FirstStrike is a Github project I have released (very hacky, disclaimer, just a PoC ) which compromises the OS from UEFI without any subsequent PCI express interaction after initial injection such that we can compromise a DMA protected OS simply by enabling an attack on preboot environment. I give demo of this in action, showing Administrator account creation with known credentials.

Alright, so now we have admin access to this modern, protected laptop. If there is EDR, we can remove it easily (briefly talk about safemode, WinRE, how EDR is reliant on drivers and such stuff that we can easily kill / remove with system and physical access). We can run mimikatz. Its pwned!

Finally, what can organizations do to stop this? We discuss best practice to defend against ADVANCED threat actors with lengthy physical access. We discuss what Microsoft recommends.

Use MFA for bitlocker. A third party secret (Complex PIN) + TPM.
Keep firmware updated. Disable rollback prevention. Enable advanced preboot config tracking with TPM and Group Policy. etc etc etc.

And thats it :)

Cheers guys