top of page
ALL POSTS
BitLocker Bypass via GreatXML: Public PoC Exploit Disclosed
Key Findings GreatXML BitLocker bypass exploit publicly disclosed, allowing local attackers full access to encrypted drives Exploit manipulates Windows Defender Offline Scan feature to grant unrestricted administrative shell Attack requires physical access and specific conditions: prior Defender offline scan or ability to boot into WinRE Researcher Nightmare Eclipse claims accidental discovery taking only 4 hours Ongoing dispute between researcher and Microsoft over vulnerabi
Jun 113 min read
Microsoft Releases YellowKey BitLocker Bypass Mitigation Without Patch Available
Key Findings Microsoft released mitigations for YellowKey BitLocker bypass vulnerability but no patch yet CVE-2026-45585 affects Windows 11 versions 24H2, 25H2, 26H1 and Windows Server 2025 on x64 systems Exploit requires physical access to machine and specially crafted FsTx files Mitigation involves disabling autofstx.exe in WinRE and switching to TPM+PIN authentication Chaotic Eclipse publicly released working exploit code, violating coordinated disclosure practices Backgro
May 202 min read
Microsoft's BitLocker Encryption Keys Shared with the FBI
Key Findings The FBI obtained BitLocker encryption keys from Microsoft to access encrypted data on laptops seized during a fraud investigation in Guam. Microsoft provides these recovery keys to law enforcement when presented with a valid legal order, as the keys are often backed up to users' Microsoft accounts by default. This practice raises privacy concerns, as it allows authorities to bypass the encryption meant to protect users' data, even if the device owner has not know
Jan 252 min read
bottom of page
