ndiddy 19 hours ago [-]
I think the Bitlocker "vuln" is a good reminder not to use vendor provided encryption for any sensitive data. https://github.com/Nightmare-Eclipse/YellowKey/ You load a specific file onto a flash drive, plug it into a Bitlocker encrypted computer, reboot it while holding a key combination, and it pops up a command prompt with full access to the encrypted volume. There's no way this isn't a backdoor.
aiscoming 18 hours ago [-]
this exploit works only if you don't use a PIN/password for your Bitlocker and the volume automatically unlocks
so it gives you access to an encrypted volume which automatically unlocks anyway
the only difference is that it immediately gives you root access to the volume instead of having to go through the Windows login procedure - this might be a stolen laptop you don't have an account on
ndiddy 18 hours ago [-]
The author claims the exploit also works with TPM+PIN, he just hasn't released the PoC:
> Second thing is, No, TPM+PIN does not help, the issue is still exploitable regardless, I asked myself this question, can it still work in a TPM+PIN environment ? Yes it does, I'm just not publishing the PoC, I think what's out there is already bad enough.
I'm not a Windows expert but based on my understanding of how MS does this, something doesn't add up here.
If you use bitlocker in the default, insecure way, where the TPM is configured to hand the decryption keys over to the enrolled Windows environment automatically, you can just get an LPE to access the running Windows environment after it boots. That's what I think the published exploit does. It really isn't even related to bitlocker itself, right?
AIUI, TPM+PIN should actually mean the TPM itself cannot release the keys because the PIN hash is actually part of the key material.
So what would a TPM+PIN exploit even look like?
ranger_danger 2 hours ago [-]
> you can just get an LPE to access the running Windows environment after it boots
> TPM+PIN should actually mean the TPM itself cannot release the keys
It does release the (wrapped) key actually (the above cyberlabs link explains it), it's just that the KP data this time has additional layers of encryption that are based on the PIN, which is decrypted in software after the fact. This means you can crack it offline. With the default minimum of 6 digits you can probably bruteforce it within a day.
If you're paranoid I might suggest switching to a full password-based pre-boot auth option instead of the PIN.
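Added example (not part of the thread or of any commenter's post): a PowerShell check of which key protectors a BitLocker OS volume uses, the distinction the comments above turn on (TPM-only auto-unlock versus TPM+PIN versus a password). It relies on the `KeyProtector` / `KeyProtectorType` properties returned by `Get-BitLockerVolume`; the function name `Get-PreBootAuthFinding` and the sample volumes are constructed for illustration.

```powershell
# Added example: report whether a BitLocker OS volume needs user input before boot.
# Get-PreBootAuthFinding is a hypothetical helper name, not a built-in cmdlet.
function Get-PreBootAuthFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    begin {
        # Protectors that release the key with no user interaction at boot.
        $autoUnlock = 'Tpm', 'TpmNetworkKey'
        # Protectors that require a PIN typed before Windows starts.
        $pinBased   = 'TpmPin', 'TpmPinStartupKey'
    }
    process {
        # Pre-boot authentication only applies to the operating system volume.
        if ([string]$Volume.VolumeType -ne 'OperatingSystem') { return }

        # Collect protector type names; tolerate a volume with no protectors.
        $types = @($Volume.KeyProtector |
            Where-Object { $_ } |
            ForEach-Object { [string]$_.KeyProtectorType })

        if ([string]$Volume.ProtectionStatus -ne 'On') {
            $finding = 'ProtectionOff'
            $note    = 'Protection is off or suspended; protectors are not enforced.'
        }
        elseif ($types | Where-Object { $_ -in $autoUnlock }) {
            $finding = 'AutoUnlock'
            $note    = 'Unlocks at boot with no user input (the TPM-only case discussed in the thread).'
        }
        elseif ($types | Where-Object { $_ -in $pinBased }) {
            $finding = 'TpmPin'
            $note    = 'PIN required at boot; review PIN length, or consider a password as suggested in the thread.'
        }
        elseif ($types -contains 'Password') {
            $finding = 'Password'
            $note    = 'Password required at boot.'
        }
        else {
            $finding = 'Other'
            $note    = 'No TPM, PIN or password protector found; review manually.'
        }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = ($types -join ', ')
            Finding    = $finding
            Note       = $note
        }
    }
}

# Constructed sample volumes shaped like Get-BitLockerVolume output.
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeType = 'OperatingSystem'; ProtectionStatus = 'On'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Tpm' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
        )
    },
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeType = 'OperatingSystem'; ProtectionStatus = 'On'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'TpmPin' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
        )
    },
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeType = 'OperatingSystem'; ProtectionStatus = 'Off'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' })
    },
    [pscustomobject]@{
        MountPoint = 'D:'; VolumeType = 'Data'; ProtectionStatus = 'On'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Password' })
    }
)

$sample | Get-PreBootAuthFinding | Format-Table -AutoSize -Wrap

# On a real machine, from an elevated prompt:
#   Get-BitLockerVolume | Get-PreBootAuthFinding
```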
panflute 8 hours ago [-]
The usual attack is in a usability feature to prevent lock out. Looking at the instructions for setup I see Bitlocker recovery code if you forget your pin.. (How does that alternative work, what are other alternative unlocks if firmware hash changes, etc, etc..)
aiscoming 17 hours ago [-]
they might mean "after you enter the bitlocker PIN you get root access without having a login password on the system" - still just a privilege escalation bug
iscoelho 17 hours ago [-]
That’s quite a stretch, to say the least.
aiscoming 16 hours ago [-]
claiming to have a 10 times more impressive PoC but not releasing it "out of goodness of heart" is also quite a stretch
iscoelho 16 hours ago [-]
Considering the researcher had already reported these to Microsoft, and delayed releasing them publicly until Microsoft "pulled every childish game possible" (quote) instead of patching them, it's not unreasonable for the researcher to be withholding another exploit from the public to limit harm.
I also disagree that the PIN bypass would be "10 times more impressive," but that's just my professional opinion.
ranger_danger 2 hours ago [-]
We know that the PIN method wraps the key in additional layers of encryption, and that the TPM happily returns this wrapped key on boot. So the extra step(s) required would be to bruteforce the PIN and now you can unwrap the plain key.
If you think about it for some minutes you will maybe understand that there are many reasons not to publish it.
otterley 18 hours ago [-]
> I think the Bitlocker "vuln" is a good reminder not to use vendor provided encryption for any sensitive data
I don't think that's true. Some vendors have a better track record than others. Nobody's popped the storage encryption on iOS or MacOS devices yet AFAIK; and the fact that it's tied to a hardware secure element makes it pretty strong.
jiggawatts 16 hours ago [-]
Microsoft quietly dropped support for encryption offload support ("OPAL") in SSD drives because the hardware vendors were doing absolute clown-shoes things like a single static hard-coded key or the key was literally empty / all zeroes!
There's levels of trust/security.
I generally trust Apple's device encryption, assume BitLocker can be popped by a well-equipped nation state attacker, and the rest I trust about as far as I can throw them.
PS: A related issue was (is?) that the comms between the CPU and the TPM chip on the motherboard isn't encrypted, signed, or in any significant way protected! Apparently it's relatively trivial to extract various keys including BitLocker encryption keys by simply clipping an oscilloscope to the TPM chip pins.
Ah, yes. Wave EMBASSY Suite, Wave Preboot, and all that other hot garbage.
Best part of Wave Systems was their horrid support organization. I loved being the tier 0 rep they contracted and trained with zero software knowledge and being a catch-and-throw for all the angry people that locked themselves out of their laptops. "Sorry, buddy, all I can do is make you a Dynamics CRM ticket."
I don't see anything on the linked page that supports a conclusion that NSA has successfully broken the encryption at rest of an Apple device's storage since they introduced the secure element.
Care to share a quote?
ffsm8 18 hours ago [-]
Prism targeted network communication to my knowledge, hence the data wouldn't be siphoned from at rest encrypted devices. Instead it would've been leaked before it was copied to that local encrypted device, whenever it was transmitted over the wire. Eg when your background task uploaded it to iCloud or similar.
There is no way for us, the users, to know whether they have the capability to add additional keys to decrypt the data because the platform isn't open source and doesn't have attestation wrt what's actually serving the requests.
And it's worth remembering that Apple had similar articles published before prism too which were ultimately proven to be groundless by prism.
dcrazy 6 hours ago [-]
The whole thing relies on hardware security modules, so even if you can prove that the whole software stack is working as described, there is literally no way to know that the SE isn’t secretly handing the OS keys that a third party can decrypt.
There needs to be trust at some level, and trust in Apple the entity to not be outright lying about its thoroughly documented security posture is a reasonable level of trust for most people on the planet, including those who are at very real risk of targeted attack by state-level actors.
otterley 17 hours ago [-]
What, exactly, was proven to be groundless?
Veserv 18 hours ago [-]
Ah yes, the bizarro world where systems are normally unhackable so the default assumption is impenetrable security and you need to prove they are insecure.
Thank god this is not the world where things get hacked all the time and where any claim of meaningful security is an extraordinary claim that demands extraordinary evidence and proof before credibly asserting it, but everybody just ignores that part and just pinky promises it and everybody just believes them for the 104th time without evidence.
otterley 17 hours ago [-]
[flagged]
leonidasrup 15 hours ago [-]
Without access to source code these security white papers are equivalent to marketing papers.
Veserv 16 hours ago [-]
That is not how the burden of proof works. You have the burden to demonstrate your extraordinary claim of security adequate to stop the NSA, a claim that flies in the face of the overwhelming prevailing trend of insecurity both in the industry and Apple in particular.
Your claim has been made without evidence. It can be dismissed without evidence. And that is ignoring the fact that it is a claim actually made against the evidence, both ambient and particular.
And no, Apple marketing does not qualify as evidence. You need a competent, unbiased, third-party with demonstrated discriminatory power to support such a claim.
otterley 10 hours ago [-]
I’m afraid you have it backwards. I made only a claim that it hasn’t happened yet, based on the absence of stories that it has. That’s a negative claim, like “there’s no evidence that God exists.” It is not my burden to prove the absence of something. It is the burden of someone who makes a positive assertion (e.g. God exists) to support that claim with evidence.
While you have every right to be skeptical about the security posture of Apple hardware, that doesn’t mean the burden is on me to conclusively prove that it can withstand the possible universe of attacks against it.
Veserv 7 hours ago [-]
Ah yes, you are arguing that you should continue to use vendor provided encryption because, by your own admission that you are making no positive claims, there is no positive evidence of its security or fitness for purpose.
> the fact that it's tied to a hardware secure element makes it pretty strong
Is that also a negative claim of some sort? Maybe if you say “not not pretty strong” you can randomly declare it a negative claim because it has the word “not” in it.
An argument consisting of only negative claims is not evidence for any position. As you have put forward a position, or at least implied one, you are either making unsupported positive claims or fallaciously attempting to use negative claims as support.
Present evidence of your claims of fitness for purpose in this security landscape. That is not some sort of an inherent birthright and must be demonstrated before being claimed. Otherwise you should provide no statement in favor of their usage as you have.
otterley 6 hours ago [-]
What is your point, exactly? Seems like you just want to argue for argument’s sake. This is also against the site guidelines. If you’d like to have a meaningful, insightful conversation, then perhaps contribute something of value to it.
Nobody can demonstrably prove the security of Apple’s hardware platform. We can only make decisions based on the evidence we have. That evidence consists of the historical record, particularly with respect to alternative platforms. Most decisions in this world are based on relative trust and probability, not absolute certainty.
If the only thing that will satisfy you is rolling your own encryption, then by all means, do that, but also be mindful that most people who attempt to do this end up even more vulnerable, relatively speaking. Crypto and security is historically difficult.
Veserv 4 hours ago [-]
I made only a claim that there is no evidence that Apple provided encryption is secure, based on the absence of evidence for it. That's a negative claim. Pointing out a standard argument is fallacious is a meaningful contribution.
You appear to have taken umbrage at me pointing out how your claims are unsupported and have already twice attempted to weaponize social norms to quash disagreement instead of presenting an argument.
> "If the only thing that will satisfy you is rolling your own encryption"
You have now made another fallacious argument by painting a strawman and then arguing that strawman is unreasonable and thus I am being unreasonable.
> "Nobody can demonstrably prove the security of Apple’s hardware platform."
You can, in fact, demonstrably prove the security of Apple's platform. I literally presented an uncontroversial criteria in my second response: "You need a competent, unbiased, third-party with demonstrated discriminatory power to support such a claim.". The key element here is demonstrated discriminatory power.
As you have implied that Apple provided encryption is secure against the NSA:
> "I don't see anything on the linked page that supports a conclusion that NSA has successfully broken the encryption at rest of an Apple device's storage since they introduced the secure element."
Please present a party who has previously ruled a system as secure against the NSA and was demonstrated to be correct. Hell, I will even accept it if you can present literally any technically competent executive in Apple who is even willing to claim their system is secure against the NSA, let alone actually proving it. If even Apple will not claim it, then there is no hope it is accidentally better than that as claimed by ignorant outsiders.
You will most likely then claim that the standard, which you yourself implied, is unreasonable as it has never been done. Which is, again, utterly false on multiple counts. First, standards drawn from objective criteria for success (e.g. secure against specific threats) are the gold standard of standards. Second, it has been done before, you are just ignorant of it.
The Common Criteria SKPP standard required NSA penetration tests until the NSA was satisfied that no defects would be discovered. The Common Criteria EAL7 standard requires a formal hardware specification with formal proofs of correctness, a standard generally believed to be "secure" and which I would accept if it covered the entirety of the hardware/software system. Absent that you need empirical demonstrations that specific security implementation choices consistently, empirically, and discriminatorily achieve the desired objective criteria for success.
Apple has done certifications, which they proudly present on their security page [1], to the absolute lowest levels of security you can even certify to. A level only fit for products where [2]: "some confidence in the correct operation is required, but the threats to security are not viewed as serious" which does not even require "demonstrating resistance to penetration attackers with a basic attack potential" [3]. A real vote of confidence in their implementations.
> You appear to have taken umbrage at me pointing out how your claims are unsupported and have already twice attempted to weaponize social norms to quash disagreement.
I was not trying to quash disagreement. I like healthy disagreement, provided it’s done so politely and respectfully. It is possible to make a valid point or offer a substantive correction and not be disrespectful or impolite about it. So I was trying to nudge you to disagree in such a way that conforms to the social norms of this site. You’ve read and accepted those norms, have you not?
> I literally presented an uncontroversial criteria in my second response: "You need a competent, unbiased, third-party with demonstrated discriminatory power to support such a claim.”
Lack of third-party vetting doesn’t mean it’s not secure. The food I grow in my backyard might well be healthy even though I didn’t have the agriculture department inspect it. You might feel better with validation, but that is a personal choice, not an objective requirement.
On the flip side, third-party review doesn’t guarantee security, either. Consider how many third parties have blessed implementations of one thing or another over the course of history and how many times those opinions have turned out to be wrong later down the line.
In any event, you’re still welcome to your skepticism. But it’s not an objective fact that the platform isn’t secure. It all comes down to an opinion and trust at the end of the day. I still trust Apple more than Microsoft to get this right, and so I’ll take my chances.
zuzululu 16 hours ago [-]
How does Bill Gates keep getting away with this
sexylinux 16 hours ago [-]
Do you know of a backdoor for Apple FileVault?
purpleidea 19 hours ago [-]
It's so obvious that many of the bugs being found are/were most likely M$ backdoors.
There doesn't seem to be any other plausible explanation. The reckoning needs to come and people need to stop using their products for good.
Would love a whistleblower to explain which part of the government or company forced it.
anonymars 19 hours ago [-]
Haven't there been heaps of vulnerabilities cropping up all over recently, including CopyFail and Dirty Frag?
zuzululu 16 hours ago [-]
yeah those have shaken a lot of people's confidence in Linux and I don't really see people ditching Windows either.
In some ways the hysteria of sorts is peculiar....it's not like we never had secure cybersecurity either it's just that we have too much on the cloud and institutions of trust without questioning it because of herd behavior and empty suits.
Like the timing of all of these seemingly disparate events from "mystery lonewolf" is too obvious and I'm not the one to entertain conspiracies either.
BizarroLand 3 hours ago [-]
A LOT of people are ditching windows. The only Windows computer I have left out of 5 is a work pc.
CachyOS is pretty amazing, too.
Veserv 6 hours ago [-]
We had secure cybersecurity? When?
I mean, there is some in the high assurance space, but that has never trickled into the broader consumer sphere. Are you referencing those systems? I am unaware of anything else.
blitzar 16 hours ago [-]
They might be incompetent
youre-wrong3 16 hours ago [-]
[flagged]
lpcvoid 16 hours ago [-]
[dead]
__alexander 20 hours ago [-]
So weird that GitHub requires a login to view their BlueHammer repo.
I'm logged in, but I'm seeing this now and can click on "View repository" or "Explore other repositories". Maybe that's why it's behind a login wall.
> This repository contains malicious content that may cause technical harms. We have decided to preserve this content for security research purposes. Please exercise CAUTION when clicking links, downloading releases, or otherwise interacting with this repository.
tsujamin 19 hours ago [-]
That warning also doesn’t render right on my iPhone (the buttons are overlapping slightly), and I don’t recall seeing it on other repos. Is it new/bespoke?
NDlurker 19 hours ago [-]
Oh cool. My brother's old laptop is locked. Maybe this will help
Charon77 18 hours ago [-]
Only affects win11
NDlurker 18 hours ago [-]
Haha I texted him about this and he said he already re-installed Windows. Bad timing. It was just a couple weeks ago he told me about this.
taspeotis 18 hours ago [-]
Windows 11 is almost 5 years old at this point
lostmsu 12 hours ago [-]
This won't work if Windows on boot is already asking for BitLocker key because it means it can't retrieve the key from TPM.
NordStreamYacht 19 hours ago [-]
Laid off Microsoft researcher?
pcthrowaway 12 hours ago [-]
Or laid off NSA, laid off Mossad, or many other possibilities.
Or not laid off at all, but otherwise disgruntled security researcher who prompted AI to concoct some personal details that seem to be in line with someone inexplicably dropping Microsoft zero-days.
zuzululu 16 hours ago [-]
No way to know but the timing is peculiar....conspiracy?
aussieguy1234 19 hours ago [-]
Could the Bitlocker vulnerability be a backdoor mandated by some government agency?
Havoc 13 hours ago [-]
Seems odd that someone is both capable of this and homeless. This stuff has decent value on the grey market
gilrain 11 hours ago [-]
You imagine people wind up homeless because they can’t do useful things? What a just world!
getcrunk 16 hours ago [-]
Anyone remember the Samsung ssd issue with bitlocker from maybe like a decade or so ago where it was an empty encryption key or something
https://deadeclipse666.blogspot.com/2026/05/were-doing-silen...
Or if you have physical access, you can probe the TPM chip with a SPI decoder to get the key directly: https://post-cyberlabs.github.io/Offensive-security-publicat...
Another method is via PXE (still not patched on most systems apparently): https://github.com/andigandhi/bitpixie
https://post-cyberlabs.github.io/Offensive-security-publicat...
Reference: https://www.techcentral.ie/windows-bitlocker-no-longer-trust...
[1] https://support.apple.com/en-us/103027
[2] https://www.commoncriteriaportal.org/files/ccfiles/CC2022PAR... Page 14
[3] https://www.commoncriteriaportal.org/files/ccfiles/CC2022PAR... Page 16
https://github.com/Nightmare-Eclipse/BlueHammer
YellowKey Bitlocker Bypass Vulnerability
https://news.ycombinator.com/item?id=48114997