Stolen Laptops - A brief overview of modern physical access attacks
Pierre-Nicolas Allard-Coutu
NorthSec 2025 · Day 1 · Ville-Marie
Pierre-Nicolas Allard-Coutu, senior penetration tester at Bell Canada's STIRT team, delivers a fast-paced, technically detailed breakdown of how modern laptops are compromised in physical access ("stolen laptop") scenarios. Encryption at rest alone is not sufficient protection in 2025. The talk covers the full attack chain: BitLocker TPM-only mode as a prerequisite attack surface, Direct Memory Access (DMA) attacks via FPGA hardware connected to M.2 PCIe ports, the PCILeech framework and its ecosystem, IOMMU countermeasures, and practical techniques attackers use to circumvent them. It is both a practitioner's guide and an organizational wake-up call. ---
AI review
Bell Canada senior pentester delivers a tight, technically dense tour of physical laptop attacks in 2025: TPM-only BitLocker limitations, FPGA-based DMA via M.2 PCIe, PCILeech/MemProcFS exploitation workflow, IOMMU countermeasures and bypass, and the full credential harvest that follows.