GreatXML BitLocker Bypass PoC Targets Windows WinRE

🔗 https://cybersecurefox.com/en/greatxml-bitlocker-bypass-winre-poc

#GreatXML #BitLocker #bypass #Windows #WinRE #Chaotic #Eclipse #Microsoft #Defender #Offline

«Sicherheitsrisiko für Windows-Systeme — Bypass für BitLocker - Neuer Exploit GreatXML knackt Windows:
Der Sicherheitsforscher Nightmare Eclipse hat mit GreatXML einen neuen Zero-Day-Exploit veröffentlicht, der die BitLocker-Verschlüsselung aushebelt.»

Die nächste BitLocker Lücke. Jegliche Software kann/hat Sicherheitslücken doch bei Windows häuft sich dies mMn. Und auch da, die Updates nicht verschieben.

🪟 https://www.it-daily.net/it-sicherheit/cloud-security/bypass-fuer-bitlocker-neuer-exploit

#windows #zeroday #bitlocker #bypass #greatxml #itsicherheit

New Exploit Bypasses Windows BitLocker via Recovery Partition Files

A security researcher stumbled upon a shocking new exploit, dubbed GreatXML, that bypasses Windows BitLocker in just 4 hours - and it's connected to the Windows Defender Offline Scan feature. If you've ever used this scan, you may be vulnerable to this alarming BitLocker bypass.

https://osintsights.com/new-exploit-bypasses-windows-bitlocker-via-recovery-partition-files?utm_source=mastodon&utm_medium=social

#BitlockerBypass #Windows #Greatxml #EmergingThreats #Vulnerability

Microsoft Zero-Day Exploit Bypasses BitLocker Encryption

A security researcher known as Nightmare Eclipse has made a startling discovery, unveiling exploit code called GreatXML that can bypass Microsoft's BitLocker encryption on systems that have run a Microsoft Defender Offline scan. This accidental find took just four hours to uncover, leaving many to wonder about potential vulnerabilities.

https://osintsights.com/microsoft-zero-day-exploit-bypasses-bitlocker-encryption?utm_source=mastodon&utm_medium=social

#Microsoft #Bitlocker #ZeroDay #Exploit #Greatxml

Another bitlocker vuln from yours truly, now called GreatXML.

Details below are copy pasted from NightmareEclipse readme:

Steps to reproduce:

1. If defender offline scan was initiated in the victim machine at any point then there is no need to login, the machine is automatically vulnerable. You will have to copy "unattend.xml" and "Recovery" directory to the root of the recovery partition then reboot to WinRE using shift + click on restart button, if everything was done correctly, a shell with unrestricted access to the bitlocker volume will spawn.

2 .If defender offline scan was never initiated then you have to either login and initiate it yourself or figure out a way to boot into WinRE in offline scan state (I believe it should be very possible to do so without logging in) and follow steps above.

Source and repo list:

https://deadeclipse666.blogspot.com/2026/06/greatxml-bitlocker-that-seems-to-only.html
https://github.com/MSNightmare/GreatXML

https://git.projectnightcrawler.dev/NightmareEclipse/GreatXML

https://git.churchofmalware.org/Nightmare_Eclipse/GreatXML

#cybersecurity #infosec #nightmareEclipse #greatxml #windows #zeroday #vulnerability #msrc