How to HACK Windows Bitlocker - MUST SEE!

Windows has a secret! An encryption technology designed to keep your stuff safe and secure. But if not configured correctly, it can be hacked!! In this short session I'll take you through a full forensic demo on how to hack Microsoft Windows 10 / 11 disk encryption technology. I'll show you how it works and, more importantly, how you can defend against this attack. As always, I love your feedback, comments and questions. If you enjoy it, please hit the like button.

Comments
Author

Hello Andy! Amazing video and I really like your teaching skills! Clear, slow and straight to the point! :)

Gdude
Author

Here is the problem. The innocent buyer of your product knows nothing about your system, and is now locked out of his PC, did not put in any passwords; and more often the seller has no knowledge of this! So the poor consumer pays and suffers! That is just brilliant!!!

dermotricketts
Author

Thank you for this video, this was helpful to a bitlocker Noob exploring how secure bitlocker is. So just to clear up the following as to what was stated, and someone please correct me if any of these are wrong...
A.) The PC/Laptop is vulnerable if it is powered on AND already logged in, where someone who has access can take a dd image and memory image, and then later mount the image and use forensics software to extract the decryption key. Later, that key can be entered when unlocking the hard drive.
B.) Using a laptop with a TPM will prevent the keys from being stored in RAM, and the computer is a lot more secure and less vulnerable to having the hard drive decrypted if stolen.
C.) TPM is not used as often in enterprise applications, because administrators want to backup the keys, for when employees leave the company and therefore they can still access the data on the employee's laptop.
D.) TPM chips are okay for personal laptops when you are the owner of the hardware and will not be using that computer under a corporate account.

If it is the case that someone can simply power on the laptop, and there is no bitlocker pin to enter, then after the laptop boots up they can take an image with a usb or firewire cable without being logged in, that is a serious problem, unless a TPM is being used.

johnson
Author

6:33 When you say "the recovery key is always stored at the front of the image" are you talking about the memory image or the disk image. If it's the disk image that'd be equivalent to taping the key to the safe I'd think. It also seems bizarre that the recovery key is ever loaded into memory or saved in the page file at all. What purpose does that serve other than to make the encryption pointless? Can you show us what encryption settings you used for Bitlocker when making that disk?

jaymathew
Author

Great video! Follow-up question:
How exactly did you create the forensic 'DD' image that you mentioned at approximately the 3:48 time mark? It sounds like you mentioned a Firewire cable, but I cannot make it out for sure and no further explanation is given for the process to create the direct disk image of the encrypted BitLocker drive?

Mattistal
Author

v interesting - I have done many hours of security and didn't know this - even did the AZ-500 and CASP last year! Thanks for sharing this and Happy Halloween :)

mikesmith
Author

Thanks for the video, very interesting stuff. Stumbled onto your channel while trying to help a friend with their computer.
One question I have which I didn't totally understand from your video - it sounds like this will only work if you have access to the encrypted computer WHILE IT'S BOOTED and in Windows, is that correct? If the computer is turned off, the data is flushed from RAM, is it not? So if you try booting the encrypted computer and do not know the password to get into the user's profile, is the Recovery key still able to be extracted using your method?

BenDoverMee
Author

That was absolutely brilliant. I wonder if it is possible to live boot Linux alongside a Windows that was properly shut down, not in read-only mode, and be able to use similar tools to grab the same password, or are they only Windows tools? I think this is useful also if one gets a virus on their machine and has to be able to turn Bitlocker off to gain full admin access. Love videos like this and looking forward to more.

SpencerDavis
Author

Great Video but what Programs did you use to create the memory shot and the DD drive ?

jamesbowman
Author

So the recovery key gets leaked into the memory when the PC is in use. OK. You say the key goes to the memory and also to the page file. So the question is: if I turn off the machine, am I safe? The recovery key is not in memory anymore, and the pagefile, even if it is not purged of the recovery key when you shut down, is on an encrypted drive, inaccessible without the password or key. What I am asking is: if I shut down the machine, am I safe against this attack of imaging the disk and memory? Thank you.

fabioamado
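The two threads above (the A-D summary about TPM and pre-boot PINs, and the question of whether a shut-down machine is safe) both come down to checks a defender can run on their own box. The PowerShell below is an added example written for this page, not a script from the video or from Microsoft; it assumes Windows 10/11 with the built-in BitLocker and TrustedPlatformModule modules, an elevated prompt, and that the Fast Startup setting lives at the HiberbootEnabled registry value (a standard location, but treat the path as an assumption). It reports whether a usable TPM exists, which key protectors each volume has, whether the OS volume would auto-unlock at boot with no PIN, and whether "shut down" on this machine actually discards memory or writes it to hiberfil.sys.

```powershell
# Added example for this page (not the video's code). Run from an elevated PowerShell.
#Requires -RunAsAdministrator

function Get-BitLockerExposureReport {
    [CmdletBinding()]
    param()

    # 1. Is there a ready TPM? Without one BitLocker relies on a password or
    #    startup-key protector, and the derived keys sit in RAM while unlocked.
    $tpm = $null
    try { $tpm = Get-Tpm -ErrorAction Stop } catch { }
    $tpmPresent = [bool]($tpm -and $tpm.TpmPresent -and $tpm.TpmReady)

    # 2. Fast Startup: with HiberbootEnabled = 1, "Shut down" hibernates the
    #    kernel instead of clearing memory, so RAM contents persist on disk.
    #    (Registry path assumed; verify on your build.)
    $powerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'
    $hiber = Get-ItemProperty -Path $powerKey -Name HiberbootEnabled -ErrorAction SilentlyContinue
    $fastStartup = [bool]($hiber -and $hiber.HiberbootEnabled -eq 1)

    # 3. Per-volume protector inventory and a plain-language finding.
    $volumes = foreach ($vol in Get-BitLockerVolume) {
        $types  = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasPin = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
        $tpmOnly = ($types -contains 'Tpm') -and -not $hasPin

        if (-not $tpmPresent)  { $finding = 'No ready TPM: password/startup-key protector only' }
        elseif ($tpmOnly)      { $finding = 'TPM-only: volume auto-unlocks at boot; add a pre-boot PIN' }
        elseif ($hasPin)       { $finding = 'TPM+PIN: key not released until the PIN is entered' }
        else                   { $finding = 'No TPM protector on this volume' }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ',')
            HasRecoveryPwd   = ($types -contains 'RecoveryPassword')
            Finding          = $finding
        }
    }

    [pscustomobject]@{
        TpmPresentAndReady = $tpmPresent
        FastStartupEnabled = $fastStartup
        Volumes            = $volumes
    }
}

# Usage
$r = Get-BitLockerExposureReport
"TPM present and ready : $($r.TpmPresentAndReady)"
"Fast Startup enabled  : $($r.FastStartupEnabled)  (True means 'shut down' keeps memory in hiberfil.sys)"
$r.Volumes | Format-Table -AutoSize
```

If a volume comes back TPM-only, the standard fix is the one the A-D list points at: allow TPM+PIN under the "Require additional authentication at startup" policy and then add the protector with `manage-bde -protectors -add C: -TPMAndPIN`. If Fast Startup is enabled, a "shut down" is closer to a hibernate than a power-off; `powercfg /h off` disables hibernation (and with it Fast Startup) so that turning the machine off really does discard what was in RAM.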
Author

Question 2 - I also listened several times, and I never heard what your suggestion(s) are as to how we can protect ourselves against this. In your comments you mention the video will tell us how to defend ourselves against someone doing this to us. Can you direct me to the specific time spot where it is explained?

BenDoverMee
Author

Hey Andy, very interesting video. I'm curious, if you never had a Bitlocker key established I have to imagine this would not work?

rclef
Author

So I have a question: if my workmate's PC happens to be destroyed before I take those "snapshots", there's no other way to unlock the recovered encrypted drive?

pettispaghetti
Author

I have two questions. What if there is a different case where the police only take the hardware (hdd/ssd) without taking the whole pc? Would they still be able to access the memory ram / snapshot the drive and crack the password? Would it make it less effective, or would there not be any vulnerability in encrypting without the TPM module method in this case?

AndreiSimion-hwqr
Author

@Andy, does this also work for a laptop with an external hdd, which of the laptop has been formatted a couple times, where the external drive is encrypted? Or if the ram module has been changed?

alphawarriorthegrandmaster
Author

How did you produce the .bin file? I thought it was the memory dump of the original pc (which we can't use because its disk is bitlocker-ed). The dd file is like the clone of the disk in a .dd file iirc?

glowiever
Author

Hi Andy

Thank you for the great video. What is the software you use to create dd image (Direct disk image) & Memory bin?

MAslamJiffry
Author

Have a lovely Christmas
I have a question: the forensic software costs a lot and I excitingly bitlocked my files.
I tried using the software but it didn't work properly, I followed every step.

mamoonmansoor
Author

Loved this video, Presented an interesting forensic case with demo ✨

grwnup
Author

Also how do I check if I even have a TPM? I'm still on my old 2017 rig (I'm poor lol). If I enable bitlocker and a preboot pin am I safe?

Also I'm on Windows 7 Ultimate so will this still work?

I'm currently encrypting my 2tb toshiba 5000rpm hdd, it's been more than 10h and I'm on 25% xD. If I copy one game from this hdd now to my main ssd will that break the process? coz I'm really bored of waiting lmao xD

ozozzooo