-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Soooo, something extremely funny is happening.
After the recent events, multiple researchers reached out to me and some just literally gave me free vulnerabilities...
One of them was JonasLyk, he did most work, I just did the emotional support part. But he found a way to violate secure boot trust, it's not a full secure boot bypass but it breaks the guarantees secure boot is supposed provide. We believe this be used to compromise confidential virtual machines but we're not really sure if that's possible since we don't have access to such technologies.
One thing we're sure of, is it fully bypasses bitlocker.
The bug will be released sometime in June ;)
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQRJTvAf/AWVhAKEeb7FFoRCS0/SbAUCahqAywAKCRDFFoRCS0/S
bHA+AQCILdI4RpsBgQlBXMj+AiDQAD7pY66DzWb20jqqAh1FTQEAiGtNbE8T337u
wzeziu45/o+T4PdtQw+3sTInYFf56A8=
=V+4y
-----END PGP SIGNATURE-----
Something to consider: Don't take this the wrong way, but at some point in the future all of this is just going to waste your energy if Microsoft is still abusing you—they may not give you the resolution you want on purpose. I'm not condemning or promoting what you're doing, but I hope that in the future you find some chance to work for a cause that'll respect your work. Perhaps look into free software and find some 0-days in Linux? There's no way a group of volunteers will reject a vulnerability report... unless you communicate extremely poorly, for very nontrivial definitions of poorly... which is unlikely for someone your skill level. I'm confident that free software won't shut you out. Perhaps do some other job to get minimum wage to support yourself in the meantime?
ReplyDelete