The Windows Lock screen on an open computer is what makes physical attacks hard. Otherwise, an attacker could waltz right in and steal all of the information on the computer.
A post by Jonaslyk described a flaw in 2020 that allowed the settings to be reached via the sticky keys pop-up. Once in the settings, it is trivial to get past the lock screen.
From this finding, the author was curious whether any other bypasses were possible and tested many features. If a Microsoft account is hooked up to the computer, it can be used to reset the password on the computer.
When a wrong password is typed in, a small arrow appears next to the email address. Clicking this icon brings up a pop-up with a link about using physical security keys. Clicking on this link does nothing! What if this opens up the settings in the background?
The original post mentions using Narrator to help navigate what is going on. Since the page is in the background (and not visible), it is really easy to miss this! The link opens the "how to open" screen. Using Narrator, we can open Microsoft Edge and, from there, open up the settings to do malicious things!
To make matters better for the attacker, the user is NT AUTHORITY\Authenticated Users! So, we can do whatever we want on the computer with full access.
It is insane that these bugs still exist in such mature operating systems. Interesting article on a Kiosk-like escape.