Recon 2024

Andrea Allievi

Andrea Allievi is a system-level developer and security research engineer with more than 18 years of experience. He graduated from the University of Milano-Bicocca in 2010 with a bachelor's degree in computer science. For his thesis, he developed a Master Boot Record (MBR) bootkit written entirely in 64-bit code, capable of defeating all of the Windows 7 kernel protections (PatchGuard and Driver Signing Enforcement). Andrea is also a reverse engineer who specializes in operating system internals, from kernel-level code all the way to user-mode code. He was the original designer of the first UEFI bootkit (developed for research purposes and published in 2012), multiple PatchGuard bypasses, and many other research papers and articles. He is the author of multiple system tools and software used for removing malware and advanced persistent threats. In his career, he has worked in various computer security companies—Italian TgSoft, Saferbytes (now MalwareBytes), and the Talos group of Cisco Systems Inc. He originally joined Microsoft in 2016 as a Security Research Engineer in the Microsoft Threat Intelligence Center (MSTIC) group. Since January 2018, Andrea has been a Principal Core OS engineer in the Kernel Security Core team of Microsoft, where he mainly maintains and develops new features (such as Retpoline, speculation mitigations, Function Overrides, ARM64 Import Optimization, Trusted Apps and many more) for the NT and Secure Kernel. He is one of the main authors of the Windows Internals book.

Andrea continues to be active in the security research community, authoring technical articles on new kernel features of Windows in the Microsoft Windows Internals blog, and speaking at multiple technical conferences, such as Recon and Microsoft BlueHat.


Sessions

06-29
13:00
60min
Hypervisor-enforced Paging Translation - The end of non data-driven Kernel Exploits?
Andrea Allievi, Satoshi Tanda

Would you like to know the state of kernel exploit mitigations in Windows? Are you curious about HVPT (Hypervisor-enforced Paging Translation), the new technology designed to stop exploitation of one of the last weak points in the Windows kernel?

Presentation Software
Grand Salon