BitUnlocker：利用 Windows 恢复功能提取 BitLocker 密钥.pdf

《BitUnlocker：利用 Windows 恢复功能提取 BitLocker 密钥.pdf》由会员分享，可在线阅读，更多相关《BitUnlocker：利用 Windows 恢复功能提取 BitLocker 密钥.pdf（98页珍藏版）》请在三个皮匠报告上搜索。

1、BitUnlockerLeveraging Windows Recovery to Extract BitLocker SecretsMicrosoft Confidential|Internal Use OnlyAlon Leviev(alon_leviev)Security Researcher MicrosoftNetanel Ben Simon(NetanelBenSimon)Senior Security Researcher MicrosoftWho are we?Security Testing&Offensive Research at Microsoft(STORM)Agen

2、daResearch BackgroundVulnerabilities and ExploitationClosing RemarksWinRE OverviewResearch BackgroundData at Rest ProtectionDefend your sensitive data against theft scenariosData at Rest Protection Why Should You Care?According to research,a laptop is stolen every 53 seconds but how prepared are you

3、 for what comes next?The Guardian Did you know that laptop computer have a 1-in-10 chance of being stolen,which means there is a 10%chance for you to be the victim of laptop theft.Prey ProjectThe average value of a lost laptop is$49,246.This value is based on seven cost components:replacement cost,d

4、etection,forensics,data breach,lost IP costs,lost productivity,and legal,consulting and regulatory expenses.IntelBitLocker Windowss Data Protection CornerstoneBitLocker is a Full Volume Encryption(FVE)technologyHard DiskEFI VolumeOS VolumeRecovery VolumeBitLocker encrypted volumeFull physical access

5、No login credentialsBitLocker Threat ModelThe Hidden Attack Surface-The Windows Recovery Environment(WinRE)Physical attackers without logon credentials can directly boot into WinREShift+Finding new vulnerabilitiesHardening WinREFixing themExploiting themTargeting the Windows Recovery Environment(Win

6、RE)We performed a security review of WinRE focused on WinRE Overview1st Crash2nd CrashWinREWinRE OverviewWinRE is the recovery platform of WindowsWinRE is designed to recover from critical system issuesWindows OS WinRE Architecture Recovery OSWinRE is a lean Windows OS with recovery customizations(a