First talk

Unlocked and leaked

Speaker

Darren (r3n5k1) and Craig (@craigsblackie)

Synopsis

The BIOS password is often seen as the first line of defence against all kinds of attacks and commonly involved in bypassing full disk encryption. In this talk we go over four different methods of circumventing this protection in modern Dell UEFI. Covering clearing the passwords, modifying the SPI flash DMA security settings to appear on when they are off, the “just ask nicely” approach, and a novel technique being discussed publicly for the first time which allows clear text extraction of passwords.

You may see this referenced as CVE-2026-40639.

Time

We’ll start around 7:30pm as usual, but feel free to turn up from 6:45pm to settle in.

Future talks

We’re still trying to build up a backlog of talks. If you’ve implemented a C2 on a smartwatch, want to walk us through the highlights of a CTF, or have some insight into the breakdown of security cooperation globally, we’re interested!

Drop a message to talks@dc4420.org with a title, synopsis and rough length, and don’t worry if you haven’t presented before.

We’re also happy to host other activities, like lockpicking, or demoing a new piece of kit, just let us know.