Wednesday, 10 June 2026

GreatXML a bitlocker that seems to only work if you ever had Defender Offline Scan

 -----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512


This was an accidental discovery, it took a total of 4 hours to find this.


If you ever attempted to use Windows Defender Offline Scan, you're automatically vulnerable to a bitlocker bypass. I'm unsure if you can still trigger the bug without ever using the offline scan feature, because you can definitely


Details can be found here,


https://git.projectnightcrawler.dev/NightmareEclipse/GreatXML


https://github.com/MSNightmare/GreatXML


https://git.churchofmalware.org/Nightmare_Eclipse/GreatXML


I think you can definitely make this work in more scenarios, just not interested enough to look at it for now.

-----BEGIN PGP SIGNATURE-----


iHUEARYKAB0WIQRJTvAf/AWVhAKEeb7FFoRCS0/SbAUCaioMsQAKCRDFFoRCS0/S

bLn8AQDqoC5Tnb8PvwWnrD72Zr7fCEAd03aAylzZ4FQjxxTYKgD+Im4JFnXCaJI3

915H+L156rTRG+ExvkIU5M8LK8lDLAY=

=jQRA

-----END PGP SIGNATURE-----












at

3 comments:

Subscribe to: Post Comments (Atom)

GreatXML a bitlocker that seems to only work if you ever had Defender Offline Scan

  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This was an accidental discovery, it took a total of 4 hours to find this. If you ever att...

  • Public disclosure
    I was not bluffing Microsoft and I'm doing it again. https://github.com/Nightmare-Eclipse/BlueHammer Unlike previous times, I'm not ...
  • July 14th
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Okay, So let me get this straight, when I actively asked you to communicate with me, you ref...
  • We're doing silent patches now huh, also a quick note about YellowKey
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I just noticed that Microsoft silently patched the RedSun vulnerability, no CVE, no nothing,...