Another BitLocker vuln from yours truly, now called GreatXML.

Details below are copy-pasted from the NightmareEclipse README:

Steps to reproduce:

1. If a Defender offline scan was initiated on the victim machine at any point, then there is no need to log in; the machine is automatically vulnerable. You will have to copy "unattend.xml" and the "Recovery" directory to the root of the recovery partition, then reboot to WinRE using Shift + click on the restart button. If everything was done correctly, a shell with unrestricted access to the BitLocker volume will spawn.

2. If a Defender offline scan was never initiated, then you have to either log in and initiate it yourself or figure out a way to boot into WinRE in offline scan state (I believe it should be very possible to do so without logging in) and follow the steps above.

Source and repo list:

https://deadeclipse666.blogspot.com/2026/06/greatxml-bitlocker-that-seems-to-only.html

https://github.com/MSNightmare/GreatXML

https://git.projectnightcrawler.dev/NightmareEclipse/GreatXML

https://git.churchofmalware.org/Nightmare_Eclipse/GreatXML

#cybersecurity #infosec #nightmareEclipse #greatxml #windows #zeroday #vulnerability #msrc