-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I just noticed that Microsoft silently patched the RedSun vulnerability, no CVE, no nothing, just a silent patch. Not surprised they never admit their mistakes but considering it was under active exploitation, having zero advisory is insane.
Now regarding YellowKey, lots of you are wondering how does one even find such backdoor ?
I'll tell you how, it took me more time trying to get it to work than the amount of sleep I had in two years combined. No AI involved, no help in any shape or form. I could have made some insane cash selling this but no amount of money will stand between me and my determination against Microsoft.
Funny thing is, no one and I say again NO ONE has managed to figure out how YellowKey works, the real root cause is still not unknown by the general public. I think it will take a while even for MSRC to find the real root cause of the issue. I just never managed to understand why this vulnerability is sooo well hidden.
Second thing is, No, TPM+PIN does not help, the issue is still exploitable regardless, I asked myself this question, can it still work in a TPM+PIN environment ? Yes it does, I'm just not publishing the PoC, I think what's out there is already bad enough.
I can't wait when I will be allowed to disclose the full story, I think people will find my crashout very reasonable and it definitely won't be a good look for Microsoft.
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQRJTvAf/AWVhAKEeb7FFoRCS0/SbAUCagRfWwAKCRDFFoRCS0/S
bDlGAP42z1Tck5TFPhaUbrC7WHcDwzr/ajAPLfj2ttXKfph30gEAm0KIZyf874gb
WAAGxop9J4RtzHIcQG6iPd1UqmWxhwM=
=xXqu
-----END PGP SIGNATURE-----
Understandable, have a nice day ✌️
ReplyDeleteNot gonna lie this reads pretty schizo but you get the pass since you found real vulns
ReplyDeletehttps://nvd.nist.gov/vuln/detail/CVE-2026-33825 ??
ReplyDeleteThis comment has been removed by the author.
Delete....stay strong, remember, right now is temporary, and no matter what there will be a moment in the future where u will feel much better....please be safe about what details you post online, you are def on the big names radar now, and that is when things can get risky for you and those around you. take care, and thank you for everything your doing.
ReplyDeleteThanks for making it! To be fair, it was fairly secure, at least until you mamaged to find the vuln in that amount of time. Kinda like denuvo, it cant block cracking but it can slow them down
ReplyDelete"Yes it does, I'm just not publishing the PoC, I think what's out there is already bad enough."
ReplyDeleteYour call but I would publish whatever you have. It works much better then Microslop stuff anyway. Now if you have an exploit for an external ssd locked with device encryption, that would be great.