BlueHat v18 || An Ice Cold boot to break bitlocker

Olle Segerdahl, F-Secure Pasi Saarinen, F-Secure A decade ago, academic researchers demonstrated how computer memory remanence could be used to defeat popular disk encryption systems[1]. Today, most seem to believe that these attacks are too impractical for real world use. Microsoft has played down the threat of memory remanence attacks against BitLocker using words such as "they are not possible using published techniques"[2]. We will show techniques that allow recovery of BitLocker encryption keys from RAM on most, if not all, currently available laptops and tablets. These techniques allow bypassing of security controls such as password protected BIOS configuration, UEFI-based Secure Boot and the TCG Platform Reset Attack Mitigation by directly manipulating the firmware storage device (EFI SPI flash chip). [1] https://www.usenix.org/legacy/event/s... [2] https://docs.microsoft.com/en-us/wind... https://www.slideshare.net/MSbluehat/...

Join Today
BlueHat v18 || Retpoline: The Anti sectre type 2 mitigation in windows
▶︎

BlueHat v18 || Retpoline: The Anti sectre type 2 mitigation in windows

SEC-T 0x0B: Olle Segerdahl & Pasi Saarinen - An ice-cold Boot to break BitLocker
▶︎

SEC-T 0x0B: Olle Segerdahl & Pasi Saarinen - An ice-cold Boot to break BitLocker

Outlook 2013 wont display bullet points correctly
▶︎

Outlook 2013 wont display bullet points correctly

014| Reinventing the Cold Boot Attack: Modern Laptop Version
▶︎

014| Reinventing the Cold Boot Attack: Modern Laptop Version

BlueHat v18 || Hardening hyper-v through offensive security research
▶︎

BlueHat v18 || Hardening hyper-v through offensive security research

Bypassing Local Windows Authentication To Defeat Full Disk Encryption
▶︎

Bypassing Local Windows Authentication To Defeat Full Disk Encryption

PLC Troubleshooting 101. Basic Steps to Diagnose and Fix Your Machine
▶︎

PLC Troubleshooting 101. Basic Steps to Diagnose and Fix Your Machine

How Your Phone is Tracked in 2026 – And How to Stop It
▶︎

How Your Phone is Tracked in 2026 – And How to Stop It

System Design Explained: APIs, Databases, Caching, CDNs, Load Balancing & Production Infra
▶︎

System Design Explained: APIs, Databases, Caching, CDNs, Load Balancing & Production Infra

THESE Apps Are SPYING on You — Shut Them Off NOW!
▶︎

THESE Apps Are SPYING on You — Shut Them Off NOW!

How to: Crack Bitlocker encrypted drives
▶︎

How to: Crack Bitlocker encrypted drives

[Disobey 2020] Live Memory Attacks and Forensics - Ulf Frisk
▶︎

[Disobey 2020] Live Memory Attacks and Forensics - Ulf Frisk

40Hz Binaural Gamma Waves - Ultra Deep Concentration
▶︎

40Hz Binaural Gamma Waves - Ultra Deep Concentration

A Dive in to Hyper-V Architecture & Vulnerabilities
▶︎

A Dive in to Hyper-V Architecture & Vulnerabilities

1 18 Active Directory Security Beyond the Easy Button Sean Metcalf
▶︎

1 18 Active Directory Security Beyond the Easy Button Sean Metcalf

BlueHat v18 || Return of the kernel rootkit malware (on windows 10)
▶︎

BlueHat v18 || Return of the kernel rootkit malware (on windows 10)

Bypassing of Self-Encrypting Drives – Techniques for Hackers and Forensic Investigators
▶︎

Bypassing of Self-Encrypting Drives – Techniques for Hackers and Forensic Investigators

How to HACK Windows Bitlocker - MUST SEE!
▶︎

How to HACK Windows Bitlocker - MUST SEE!

BlueHat 2026: From hype to hardening: Using LLMs to improve application security in practice
▶︎

BlueHat 2026: From hype to hardening: Using LLMs to improve application security in practice

Clear Mind Intense Focus | Ambient Techno | ADHD High Focus Support
▶︎

Clear Mind Intense Focus | Ambient Techno | ADHD High Focus Support