Bitlocker on HackingPassion.com : root@HackingPassion.com-[~]

GreatXML Turns Windows Defender's Offline Scan Into a BitLocker Bypass

Fri, 12 Jun 2026 10:51:38 +0200

Nightmare-Eclipse is back again, this time with a BitLocker bypass called GreatXML that runs straight through Microsoft’s own antivirus. On a Windows machine that has run a Defender offline scan even once, the recovery mode hands over a command shell with full access to the encrypted drive, while BitLocker still reports the disk as locked and protected. Microsoft has no patch for it. He published GreatXML the day after RoguePlanet, right after the June Patch Tuesday where Microsoft had just fixed his first BitLocker bypass, the largest Patch Tuesday yet at close to 200 fixes in a single day.

Six Working Windows Zero Days and the Researcher Microsoft Called a Criminal

Sun, 31 May 2026 15:08:03 +0200

Six working Windows attacks are sitting in the open right now, three of them already seen in a real intrusion, and the researcher who published them did it after he says Microsoft refused him, deleted the account he reported bugs through, and paid him nothing. Microsoft removed his account, called his actions criminal, and pointed at its crime unit. Both stories are out there, and the security world cannot agree on who is more to blame.

YellowKey Bypasses BitLocker on Windows 11 Using Nothing But a Folder on a USB Stick

Fri, 15 May 2026 11:09:13 +0200

A folder copied to a USB stick is enough to bypass BitLocker encryption on Windows 11 and Windows Server 2022 and 2025, giving an attacker with a few minutes of physical access a command prompt with unrestricted access to everything on the encrypted drive.

The tool is called YellowKey. It was published on May 12, 2026, as a working proof of concept on GitHub. Windows 10 is not affected. There is no patch. Microsoft has not assigned a CVE number. And the researcher who found it believes it looks like something that was put there deliberately.