Summary
Highlights
Eric introduces a new BitLocker exploit discovered by Nightmare Eclipse. BitLocker is Microsoft's built-in disk encryption, primarily useful against device theft. The exploit works on Windows 11 and Windows Server 2022/2025, triggering a shell with unrestricted access to protected data.
The exploit involves placing a specific transaction file ($TX) in the system. The researcher suggests it might be a backdoor due to its unusual functionality, working only in the Windows recovery environment and not a booted Windows version, and affecting only Windows 11, not Windows 10.
The video is sponsored by MSP360 Cloud Backup, highlighting the importance of backups to prevent data loss, especially when encryption like BitLocker fails. MSP360 offers flexible cloud backup solutions for various environments, supporting multiple cloud storage providers like Amazon S3 and Wasabi, with a free personal backup version for home users.
Eric demonstrates how to perform the exploit for educational purposes. It involves copying the FSTX file to a FAT32 formatted flash drive, then rebooting the target computer into the recovery environment. A key finding was that reformatting the flash drive to FAT32 was crucial for the recovery environment to access the necessary files.
The demonstration successfully shows access to the supposedly BitLocker-protected C drive, confirming the vulnerability. As a mitigation, setting a PIN in BitLocker is suggested, although the exploit developer claims to have a version that bypasses the PIN as well, the effectiveness of which is debated.