Manuel Mehltretter
Manuel Mehltretter
Depends. If the boot priority goes to pxe or usb first you do not need that step for the exploit. Otherwise its still usable for privesc from normal user to...
Compile it for ARM64. Out of Scope for this PoC and I dont really see a benefit.
Can be flagged as improvement. Would need to mount an sftp/nfs/smb share as target, or requires usb ports to be enabled. tftp would be way to slow.
Try to understand what the BCD does. Read the blog and watch the talk. That setting does indeed matter a lot.
Measured Boot triggers are very plattform specific. Dell business devices have different settings for PXE and PXE from USB for example. Needs to be tested and can be different for...
This exploit is in effect a new family. Many different exploitations are possible after abusing the BCD. Th0mas also stated that his approach lacked hindsight and was more of a...
@martanne German notebooks and recovery (that defaults to english) is a pain for us... @netaddict the additional files do not matter... the problem is that the shim is not requested......
@pascal-gujer that would have been my second hunch, but the request for the shim not showing in the log tripped me up. Thanks for pointing it out in detail! A...
@martanne we completely reworked the build process of this repo and took some inspiration from yours :) Thanks for your work on this!
Give it time... and look at the tftp logs... black screens of up to a minute are possible... at least on my test machine.