Alon Leviev

What an amazing week we’ve had presenting our latest research at Black Hat USA and DEFCON 33! We shared our security research on BitLocker and WinRE - highlighting new vulnerabilities, exploits and fixes! The slides are now live at: i.blackhat.com/BH-USA-25/Pres…

CFP for BlueHatIL 2026 is open! Submit your abstract - your time to shine starts now: microsoftrnd.co.il/bluehatil/conf…

Looks like the slides from the first 10 mins are missing - you can find them here: media.defcon.org/DEF%20CON%2033…

Our DEFCON 33 talk “BitUnlocker: Leveraging Windows Recovery to Extract BItLocker Secrets” is now live on YouTube! youtu.be/Cc6vrQSVMII?si…

Today's Patch Tuesday includes 6 CVEs for vulnerabilities that I found in BitLocker - CVE-2025-55330, CVE-2025-55332, CVE-2025-55333, CVE-2025-55337, CVE-2025-55338 and CVE-2025-55682. You can check them out here 👉 msrc.microsoft.com/update-guide/r…

Microsoft just open sourced a Rust implementation of UEFI boot firmware called "Patina" this is a MASSIVE step forward in improving boot security for all. Exciting!!! github.com/openDevicePart…

Just dropped a detailed blog post on our “BitUnlocker” research. If you’re into logical vulnerabilities and BitLocker bypasses, this one’s for you! techcommunity.microsoft.com/blog/microsoft…

So @ShahakMo and I just dropped our Win-DoS research + tools at @defcon and on GitHub!💥 Win-DoS repo: * 4 new remote DoS exploits for Domain Controllers and Win11 (3 pre-auth!) * TorpeDoS technique - exhausting resources via RPC * DCs DDoS botnet attack github.com/SafeBreach-Lab…

For anyone interested in learning more about our research, slides are live at: i.blackhat.com/BH-USA-25/Pres…

3x Pwnie-nominated, 0x Pwnie-winner At this rate I’m on track to win the “Most Nominated Without Winning” award 🦄 Huge thanks to @PwnieAwards and congrats to the very well deserved winners!

Here’s a video of an exploited Lenovo 510 FHD Webcam downloading a meterpreter payload from the internet and executing it, letting us send keystrokes to the computer it’s connected to, then return to being a regular unsuspecting webcam 😄 (Top left: webcam serial port output Bottom left: kali instance in the cloud Right: victim laptop view)

The blog post of our "Invitation Is All You Need" research is now live! Don't skip it if you want to learn how Stav Cohen, @ben_nassi, and I took over Gemini agents of remote users to control their smart home, video stream them via zoom, exfiltrate emails, and more safebreach.com/blog/invitatio… @safebreach

Our “Dark Corners: How a Failed Patch Left VMware ESXi VM Escapes Open for Two Years” slides are now available! This research was a collaborative effort with @0x140ce, @ezrak1e and myself. In this talk, we introduce the ESXi virtual machine escape and sandbox escape vulnerabilities we discovered, along with the stories behind them. At the same time, this is also the first talk to systematically introduce the ESXi sandbox. We hope you can gain useful content from it. i.blackhat.com/BH-USA-25/Pres…

In the briefing “BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets” Microsoft security researchers share how their research into attack surfaces led to hardening and further securing Windows Recovery Environment (WinRE). msft.it/6018syn7Q

We are very happy to announce the nominees for the 2025 Pwnie Awards! As a reminder, we will be presenting the winners at DEF CON this year. Saturday the 9th, 10:00AM Main Stage. Hope to see you there! docs.google.com/document/d/1fy…

Our research on BitLocker got nominated for not one but TWO Pwnie Awards - “Best Desktop Bug” and “Most Innovative Research”! Happy for the 3rd Pwnie Award nomination in two consecutive years @PwnieAwards !

This Patch Tuesday includes 5 CVEs for vulnerabilities that @NetanelBenSimon and I found in BitLocker! We've recently been focusing on BitLocker research and it's great seeing fixes released. If you're interested in learning more about this work, join our talks at BH US and DC!

Registration for the Cyber-Security Brazilian Jiu-Jitsu Smackdown (2025) is open! Held between @BlackHatEvents and @defcon (Thur, Aug 7), 60 of us step onto the mat for the most fun and epic experience. Former UFC Champion @ForrestGriffin is our head instructor, accompanied by several more elite pros. First-timers always welcomed! Reg: eventbrite.com/e/cyber-securi… 2024 Video: youtube.com/watch?v=vT5WMp… Sponsored by: @nucleussec and @wirespeed_

You know what’s even more exciting than being accepted to Black Hat USA? Getting accepted to DEFCON too!   I'm happy to share that my and @NetanelBenSimon‘s WinRE VR project “BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets” is coming to @defcon!   #DEFCON33

I am beyond thrilled to share that @NetanelBenSimon and I have been accepted to present at @BlackHatEvents USA 2025! We will present our talk "BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets", where we share our VR journey of WinRE! See you there! #BHUSA