In this post, the author discusses a bug, named bitpixie, that allows attackers to extract disk encryption keys from Windows 11 devices running Windows’ default “Device Encryption” setup without disassembling the laptop. The author guides readers through their research on the vulnerability and potential mitigations. The post also explains how BitLocker works, covering the importance of ease of use and the configuration of Device Encryption. The author's motivation for the research stemmed from a challenge they encountered in a CTF competition. The post then covers the exploitation plan and the exploit steps for bitpixie.
https://neodyme.io/en/blog/bitlocker_screwed_without_a_screwdriver/