I put together a PoC for a boot manager downgrade attack against BitLocker, building on Microsoft STORM's BitUnlocker research (CVE-2025-48804). Simpler to pull off than Bitpixie in most cases.

The push for TPM+PIN enforcement and SVN-based revocation shall continue!

Repo: https://github.com/garatc/BitUnlocker

All credit to Microsoft STORM for the original research

#BitLocker #infosec #pentesting #WindowsSecurity #physicalaccess

The USB Attack: A Tiny Device, A Huge Risk
This vulnerability revolves around a Physical Access Vector (PAV) involving a malicious USB device. The attacker planted a USB stick with malicious firmware into the target computer's USB port, allowing it to execute arbitrary code when connected. The device exploited a flaw in the USB Mass Storage Device (MSC) protocol, enabling it to bypass driver restrictions. The attacker crafted the firmware to mimic a removable drive, which was unrecognized by the operating system and thus evaded antivirus scanning. Upon insertion, the malicious firmware triggered a built-in exploit, taking advantage of a kernel vulnerability to gain system-level access. The impact of this vulnerability is severe, as it allows unauthorized access, data theft, and malware injection. The researcher earned $5,000 for reporting this critical issue. Proper remediation involves securing USB ports with hardware restrictions and implementing firmware-level whitelisting to prevent unauthorized devices from executing arbitrary code. Key lesson: Physical access can lead to critical security breaches, making it essential to secure USB ports. #BugBounty #Cybersecurity #PAV #PhysicalAccess #KernelExploit

https://medium.com/@bugitrix/%EF%B8%8F-the-usb-attack-a-tiny-device-a-huge-risk-3a66795f65f1?source=rss------bug_bounty-5

Weekend entertainment: tell us about a time you used social engineering to gain access to a building, server room, or area where you won’t supposed to be. I’ll go first.

I was the supervisor for all shifts in the Avionics Shop aboard a US Navy helicopter carrier, the USS Okinawa (LPH-3). My role didn’t call for access to the bridge. The bridge is only open to officers and crew who have a valid reason for being there.

One time out at sea after working hours my technicians and I were hanging out in the Avionics Shop. In addition to being where we worked, the shop was our living room, our social club. We had a stereo set up in there, and we could play our own music. When we were in port, I had run a hidden antenna cable out to where we could pick up local television stations, and we had a TV in the shop, too.

Anyway, somehow the subject of the bridge made its way into the conversation, and I said, “I sure would like to see the bridge.” We had a Marine squadron on board at the time, so some of the technicians assigned to me were Marines.

One of the Marines – CPL G. Kelly – said, “You wanna see the bridge, Bob? Let’s go. I’ll take you to the bridge.”

Incredulously I said, “What? How’re you gonna get us in there?”

CPL Kelly handed me a pen and a clipboard with a yellow notepad on it. He picked up a Simpson 260 multimeter and said, “Come on.”

We went up to the bridge and he knocked on the door. A young Seaman opened it to see what we wanted. “We have to check the electrical outlets,” CPL Kelly said.

Once we were inside CPL Kelly knelt down, put the meter probes in an outlet, and said, “One eighteen point three.” I meticulously wrote it on the notepad. We moved to the next outlet… CPL Kelly was very slow and deliberate with each reading, so I had plenty of time to look around and see the bridge.

Now, what’s your story? How did you get in to someplace you weren’t supposed to be?

(Photo: my wife took this picture as we returned to port after a 7-month deployment)

#cybersecurity #socialengineering #physicalaccess