The correct IP address is sometimes all you need to exploit a remote target.
Continue reading Exploiting stale ADIDNS entriesCategory: Research
A Deep Dive into TPM-based BitLocker Drive Encryption
When I investigated CVE-2022-41099, a BitLocker Drive Encryption bypass through the Windows Recovery Environment (WinRE), the fact that the latter was able to transparently access an encrypted drive without requiring the recovery password struck me. My initial thought was that there had to be a way to reproduce this behavior and obtain the master key from the Recovery Environment (WinRE). The outcome of a generic BitLocker bypass was too tempting not to explore this idea…
Continue reading A Deep Dive into TPM-based BitLocker Drive EncryptionBypassing PPL in Userland (again)
This post is a sequel to Bypassing LSA Protection in Userland and The End of PPLdump. Here, I will discuss how I was able to bypass the latest mitigation implemented by Microsoft and develop a new Userland exploit for injecting arbitrary code in a PPL with the highest signer type.
Continue reading Bypassing PPL in Userland (again)