
Bypassing Local Windows Authentication To Defeat Full Disk Encryption 

Black Hat

by Ian Haken
In 2007, starting with Windows Vista, Microsoft began shipping a full disk encryption feature named BitLocker with professional and enterprise versions of Windows. Full disk encryption helps protect users from threats that include physical access. This can, for example, prevent the exposure of proprietary information and account credentials if a company laptop is lost, stolen, or even left temporarily accessible to an attacker.
Under the hood, BitLocker utilizes a system's Trusted Platform Module (TPM) to store the secret key used for full disk encryption, and is able to use the features of the TPM to safely provide transparent, passwordless decryption of the disk on boot. Because BitLocker can work transparently, without any extra passwords or prompts on boot, many enterprises have opted to enable this form of full disk encryption as a part of their data loss prevention strategy.
However, in this presentation, I will demonstrate how one can abuse physical access in order to bypass Windows authentication, thus accessing all of a user's data, even when the disk is fully encrypted by BitLocker. This platform-independent attack effectively bypasses all of the protection offered by BitLocker, reliably and quickly allowing an attacker to retrieve all of the sensitive data on the machine, all without having to perform any cryptographic brute-forcing or hardware manipulation.
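The abstract's precondition is a BitLocker volume that unlocks on the TPM alone, so that the machine boots to a Windows logon screen with the disk already decrypted; the comments below add the second ingredient, Windows caching domain credentials for offline logon. The following PowerShell audit is an added example, not code from the talk or from Microsoft: it reports, per BitLocker volume, whether a pre-boot PIN or startup key is required, reads the Winlogon `CachedLogonsCount` value, and offers a helper that moves the OS volume to TPM+PIN. It assumes Windows 8 / Server 2012 or later with the BitLocker PowerShell module, run from an elevated prompt; the function names are the example's own.

```powershell
# Added example (not from the talk): defender-side audit of the two conditions
# behind the attack in this video: BitLocker unlocking on TPM measurements alone
# (no pre-boot PIN or startup key) and Windows caching domain logons for
# offline sign-in. Assumes Windows 8 / Server 2012+ with the BitLocker
# PowerShell module, run elevated. Function names are this example's own.

function Get-BitLockerPreBootPosture {
    # Emits one object per BitLocker volume, flagging TPM-only protection.
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        # Protector types that make the user present something at boot.
        # 'ExternalKey' is ambiguous (USB startup key or recovery .bek file),
        # so it is listed but not counted as pre-boot authentication here.
        $preBoot = @($types | Where-Object { $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'Password' })
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            TpmOnly          = ($types -contains 'Tpm') -and ($preBoot.Count -eq 0)
        }
    }
}

function Get-CachedLogonsCount {
    # Number of domain logons Winlogon keeps for offline sign-in (default 10).
    # The value is stored as REG_SZ, hence the cast to [int].
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $val = (Get-ItemProperty -Path $key -Name CachedLogonsCount -ErrorAction SilentlyContinue).CachedLogonsCount
    if ($null -eq $val) { return 10 }   # absent value means the Windows default applies
    return [int]$val
}

function Test-OfflineAttackSurface {
    # Prints the findings and returns $true when both weak conditions hold.
    $volumes = @(Get-BitLockerPreBootPosture)
    $volumes | Format-Table -AutoSize | Out-Host
    $cached = Get-CachedLogonsCount
    Write-Host "CachedLogonsCount = $cached"

    $osTpmOnly = $volumes | Where-Object { $_.TpmOnly -and $_.MountPoint -eq $env:SystemDrive }
    if ($osTpmOnly) {
        Write-Warning "OS volume $($env:SystemDrive) unlocks on TPM measurements alone; add a TPM+PIN protector."
    }
    if ($cached -gt 0) {
        Write-Warning "Domain credentials are cached ($cached logons); offline logon attacks against the cache remain possible."
    }
    return ([bool]$osTpmOnly) -and ($cached -gt 0)
}

function Add-TpmPinProtector {
    # Moves a volume from TPM-only to TPM+PIN. The BitLocker policy
    # 'Require additional authentication at startup' must allow a PIN,
    # otherwise Add-BitLockerKeyProtector reports an error.
    param([string]$MountPoint = $env:SystemDrive)
    $pin = Read-Host -AsSecureString -Prompt 'New pre-boot PIN'
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
    # Re-audit: a bare 'Tpm' protector must no longer be listed for this volume.
    Get-BitLockerPreBootPosture | Where-Object MountPoint -eq $MountPoint
}

Test-OfflineAttackSurface
```

Run the audit first; if it returns `$true` for the OS drive, `Add-TpmPinProtector` is the change sent4dc's comment argues for (the USB startup-key variant is `-TpmAndStartupKeyProtector` on the same cmdlet). Lowering `CachedLogonsCount` to 0 removes the cached-credential path entirely, at the cost of domain machines no longer signing in while off the network, so it is a policy decision rather than something this script changes.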

Published: 2 Aug 2024

Comments: 34
@sent4dc, 6 years ago
OK. Mislabeled video. This is not really a BitLocker encryption bypass. It's a domain authentication attack. Obviously, if you're doing full disk encryption on your own laptop DO NOT use TPM. I know it's convenient but it's also worthless. Instead, get yourself a small USB stick and use it for pre-boot authentication with BitLocker. You can keep it on your keychain along with your house or car key. You will need that USB stick only to boot your computer. Then as soon as it boots you'll get that USB stick out. Works really well and is also much, much more secure than TPM. (And if you lose your laptop the chances are that you will keep your keys on your person, so whoever finds your laptop will not be able to read your hard drive.)
@zezo782, 6 years ago
What if the person who got access to my laptop removed the drive from the laptop; will they still be unable to access it?
@kirbfx, 5 years ago
What is TPM??
@levilima9925, 5 years ago
@kirbfx TPM is a hardware chip component that's responsible for communicating with your operating system regarding the authentication of your key-cryption. Sort of. More information here: whatis.techtarget.com/definition/trusted-platform-module-TPM
@levilima9925, 5 years ago
You're correct. I thought this guy was some kind of genius for bypassing the BitLocker feature encryption but he used social engineering at the end to gain access to the computer which is not bypassing the encryption scheme.
@QuickishFM, 4 years ago
Also, if the TPM gets erased and you don't have the recovery key, then you can't get back in.
@ali.kamran7112, 4 years ago
Very nice brother, keep it up...👍👍👍
@burtonh1, 7 years ago
How does one set up their computer to defend against such attacks?
@MadsHegelund, 8 years ago
Nice one..
@naziamalik8749, 8 years ago
Please help me, how can I really learn all this black hat stuff efficiently??
@TheAmazeer, 6 years ago
First you need a laptop with Ubuntu or Debian installed, then install a Samba DC with the same name as the Windows domain you want to attack, then you put your encrypted machine on the same network as the Samba DC so that they can talk together, then you change the date and the password for the account you want to exploit, then put the right date back; logging in again will prompt you that your password has expired, then put in a new one, but before that you must disconnect the network NIC in order to force the computer to check its cache... Very smart.. but you didn't configure the Samba DC for the expiry date; is it set by default so that passwords expire within a certain amount of time?
@mdd1963, 4 years ago
Not all switches will auto-assign an IP address to new unknown hardware easily...; you might need access to the switch's terminal to run bindwiper... assuming you can even get into the switch......
@Heycarlson, 4 years ago
What about from BIOS?!!?
@Dluzak1, 5 years ago
Why do people keep using very light colors on a white background... The arrows at 6:51 are pretty much invisible, so the slide becomes useless.
@Jeff-vm4gp, 4 years ago
You'd figure in this case the standard would be green on black.
@Tomyb15, 8 years ago
So, is BitLocker useless now if you didn't enable pre-boot authentication?
@rfh1987, 7 years ago
If it's a domain computer without pre-boot authentication, it can be hacked this way. Also, I imagine Microsoft is actively working on correcting this attack (assuming they haven't already patched it).
@disk0__, 7 years ago
At the end he literally says it was patched prior to the presentation.
@rfh1987, 7 years ago
@disk0__ LOL. Thanks for pointing that out. I guess the rest of us stopped the video at the Q&A part. :D
@HardTrancid, 3 years ago
When I attack a BitLocker-locked HDD, I image it RAW, then run a brute force on the hash...
@FSA2023, 2 years ago
Can you do it online for someone?
@HardTrancid, 2 years ago
@FSA2023 I might do a video down the road. We'll see, I suppose.
@sahmed868, 2 years ago
@HardTrancid Can you do this for my laptop?
@WizardNumberNext, 4 years ago
There is no physically going to the datacentre to reboot a machine or enter a PIN; this is what IPMI is for. If you have 'same as physical access' while being remote, even thousands of miles away, then you do not need to type anything on a keyboard, which is NOT connected to the server anyway (why would you even consider connecting a keyboard or monitor to a server?). P.S. If you can afford a server and cannot afford IPMI, then I am lost.
@Spontan_DJ, 3 years ago
veracrypt ram encryption...
@naziamalik8749, 8 years ago
How can I learn this black hat stuff from these videos??
@jamesedwards3923, 4 years ago
There is nothing criminal about what he is teaching or doing.
@quarteratom, 2 years ago
LOL, don't store the encryption key inside the computer, and don't decrypt everything automatically.
@kdeeuk, 7 years ago
Thanks for telling all the thieves how to get into my PC, good on ya. Why? This is very irresponsible of you.
@davidreynolds9649, 6 years ago
This isn't about telling thieves how to get into your PC; they already know. It's about telling you that it's possible, so that you can react accordingly.
@rjstewart, 6 years ago
If you watch the whole video you will see that prior to him releasing this exploit's details Microsoft released a patch. This is what responsible hackers do. This is what I did years ago when I found a major bug in a piece of widely used software. We contacted the vendor, waited until the fix was ready and out and THEN explained the exploit.