Alon Leviev
Alon Leviev (@alon_leviev) is a self-taught security researcher working with the Microsoft Offensive Research & Security Engineering (MORSE) team. Alon specializes in low-level vulnerability research targeting hardware, firmware, and Windows boot components. He has presented his findings at internationally recognized security conferences such as DEF CON 33 (2025), DEF CON 32 (2024), Black Hat USA 2025, Black Hat USA 2024, Black Hat EU 2023, CanSecWest 2024, and others. Prior to his career in cybersecurity, Alon was a professional Brazilian jiu-jitsu athlete, winning several world and European titles.
Beitrag
This talk reveals our in-depth vulnerability research on the Windows Recovery Environment (WinRE) and its implications for BitLocker, Windows’ cornerstone for data protection. We will walk through the research methodology, uncover new 0-day vulnerabilities, and showcase full-chain exploitations that enabled us to bypass BitLocker and extract all the protected data in several different ways. This talk goes beyond theory - as each vulnerability will be accompanied by a demo video showcasing the complete exploitation chain. To conclude the talk, we will share Microsoft’s key takeaways from this research and outline our approach to hardening WinRE and BitLocker.