BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.nsec.io//XSJQDE
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-2026-XSJQDE@cfp.nsec.io
DTSTART;TZID=EST:20260514T141500
DTEND;TZID=EST:20260514T144500
DESCRIPTION:This talk will expand on concepts explored in my NSEC 2025 talk
  "Stolen Laptops : A brief overview of modern physical access attacks" \n\
 nWe will deep-dive into the subject of Direct Memory Access attacks agains
 t modern windows operating systems\, exploring together some of the primar
 y countermeasures employed to protect computers from physical attackers. \
 n\nNotably\, we will discuss the implementation and interaction of various
  defensive technology at the physical\, firmware\, and operating system la
 yers.\n\nThis includes things like UEFI security\, hardware whitelisting\,
  firmware DMA protection and virtualization features (VT-d\, VT-x\, AMD-Vi
 )\, and their interaction with critical OS layer protection mechanisms inc
 luding Virtualization-Based Security (VBS) and Kernel DMA Protection. We w
 ill discuss techniques used by attackers to neutralize or bypass these mec
 hanisms to enable a DMA attack against Windows 11. Specifically\, we will 
 focus on attacks that modify UEFI firmware data to control boot behavior. 
 I will demonstrate novel tradecraft which allows operators to map importan
 t security features to the variable stores that control them via a new too
 l I developed called NVRAMap. \n\nThe talk culminates with an in-depth pre
 sentation of a another tool I developed called DMAReaper. The tool allows 
 attackers with physical access to Disable Kernel DMA Protection via a pre-
 boot DMA attack even when a system has all modern protection mechanisms en
 forced.\n\nWe will discuss the research that supported the tool's creation
  and the precise operations being performed against system RAM in order to
  locate and destroy the DMAR ACPI table required for Kernel DMA Protection
  to function. This talk includes a multiple video demonstrations of both t
 ools being used together to compromise a modern workstation running Window
 s 11.
DTSTAMP:20260507T213827Z
LOCATION:Salle de bal
SUMMARY:Stolen Laptops : Defeating DMA Countermeasures - Pierre-Nicolas All
 ard-Coutu
URL:https://cfp.nsec.io/2026/talk/XSJQDE/
END:VEVENT
END:VCALENDAR