https://stream.echo6.co/videos/watch/c802a910-f8e1-4607-ae6e-284f2aec6892 Big thanks to ThreatLocker for sponsoring my trip to Black Hat 2025. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal David Bombal sits down with Philippe Laulheret of Cisco Talos at Black Hat to unpack new vulnerabilities in Dell’s ControlVault security board (the module behind fingerprint/smart-card/NFC on many Latitude/Precision laptops). Laulheret chains two bugs to get code execution, leaks device-unique AES/HMAC keys, and modifies firmware for persistence. He then backdoors a function so requesting object “1337” delivers a payload that abuses the Windows Biometric Framework (Broadcom DLL) to spawn a SYSTEM reverse shell. Demos: onion/plastic-finger unlock and a physical USB ribbon-cable attack path. // Phillippe Laulheret’s SOCIALS // LinkedIn: https://www.linkedin.com/in/philippe-laulheret-094a5315/ Talos Blog: https://blog.talosintelligence.com/author/philippe/ X: https://x.com/TalosSecurity // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb X: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/@davidbombal Spotify: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ SoundCloud: https://soundcloud.com/davidbombal Apple Podcast: https://podcasts.apple.com/us/podcast/david-bombal/id1466865532 // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // Menu // 0:00 - Coming up 0:59 - ThreatLocker Shout Out 01:12 - Intro 02:10 - Paid to Hack Ethically 02:25 - The Finger and The Onion Story 03:25 - The ReVault Presentation 04:49 - Demo 1 06:19 - Attack Scenarios Physical Access vs Remote 10:48 - Reverse Shell Demo 11:51 - Demo 2 13:43 - The Bugs Attributes 15:32 - How Long Did It take to figure out ? 17:21 - I really Broke it now 17:45 - Demo 3 19:55 - Physical Attack Demo 20:55 - Conclusion & Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #threatlocker #blackhat #cisco Wed, 15 Apr 2026 11:45:31 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/c802a910-f8e1-4607-ae6e-284f2aec6892 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.