Andrea Allievi is an Italian security researcher specialized in Windows Internals, with at least 10 years’ experience. He graduated in 2010 from University Milano Bicocca with a Bachelor’s degree in Computer Science. For his thesis, he developed the first Master Boot Record (MBR) Bootkit entirely in 64 bit capable of defeating some Windows 7 protections. He is the original designer of the first UEFI Bootkit. He specialized in operating systems internals, from kernel level code all the way to user-land code.

He has completed a lot of security-related researches, ranging from all kind of Malware (especially Kernel-mode rootkit) to the analysis of particular Operating System Security features (like Windows 8 AppContainers for example). He is the author of the first original Patchguard 8.1 Bypass method, presented at the NoSuchCon Conference in the year 2014, located in Paris.

Andrea is even the original developer of the first Intel Processor Trace Driver for Windows that allow the users to perform live-tracing of all kind of software (user-mode applications, kernel-mode drivers, and even Hypervisors and SMM code). The driver has been idealized in collaboration with Richard Johnson, and presented at Blue Hat and Recon Brussels conferences.

Andrea has worked for almost 3 year as a Security Research Engineer in the Talos Security Research and Intelligence Group of Cisco Systems Inc. Starting from September 2016 Andrea is a Security Research Engineer of the Threat Intelligence Center team of Microsoft Ltd. Previously, he has worked for TgSoft (a very small Italian Av company), PrevX, Webroot and Saferbytes.