Nightmare Eclipse: Announcing Bitskrieg
Friday, 29 May 2026
Announcing Bitskrieg
-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA512
Soooo, something extremely funny is happening.
After the recent events, multiple researchers reached out to me and some just literally gave me free vulnerabilities...<br>One of them was JonasLyk, he did most work, I just did the emotional support part. But he found a way to violate secure boot trust, it's not a full secure boot bypass but it breaks the guarantees secure boot is supposed provide. We believe this be used to compromise confidential virtual machines but we're not really sure if that's possible since we don't have access to such technologies.<br>One thing we're sure of, is it fully bypasses bitlocker.
The bug will be released sometime in June ;)<br>-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQRJTvAf/AWVhAKEeb7FFoRCS0/SbAUCahqAywAKCRDFFoRCS0/S<br>bHA+AQCILdI4RpsBgQlBXMj+AiDQAD7pY66DzWb20jqqAh1FTQEAiGtNbE8T337u<br>wzeziu45/o+T4PdtQw+3sTInYFf56A8=<br>=V+4y<br>-----END PGP SIGNATURE-----
at
May 29, 2026
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
23 comments:
John30 May 2026 at 07:35<br>This comment has been removed by the author.<br>ReplyDelete<br>Replies<br>Reply
wh0crypt30 May 2026 at 13:58<br>perhaps you could try to host stuff on codeberg<br>ReplyDelete<br>Replies<br>Melroy31 May 2026 at 15:22<br>Tor makes more sense<br>Delete<br>Replies<br>Reply
Reply
X30 May 2026 at 14:30<br>now we can show microslop what it is like when you don't listen to your customers especially those that want to help you, bunch of lazy idiots.
you literally have security researchers wanting to report issues yet your lazy braindead asses don't seem to comprehend it.<br>ReplyDelete<br>Replies<br>John30 May 2026 at 14:41<br>This comment has been removed by the author.<br>Delete<br>Replies<br>Reply
Reply
ek0ms savi0r30 May 2026 at 16:43<br>https://churchofmalware.org has built you a personal git on their site. We are currently hosting all the code banned from GitHub and gitlab for you on our site, but would like you to be able to publish code whenever you like without restrictions also. We are your sanctuary. Contact info can be found on our site. Malware bless<br>ReplyDelete<br>Replies<br>Reply
Nossy31 May 2026 at 00:33<br>Bring it on. Can't wait to see it.<br>ReplyDelete<br>Replies<br>Reply
Mastercodeon31 May 2026 at 09:43<br>Hey Nightmare, I've been following your work ever since you dropped bluehammer back in march. I have also had the exact same experience you have been having with microslop, back in 2022 late, early 2023 i reported a major zero day involving Nuget packages, and they responded by saying the exploit i found was not an exploit, but rather a feature intended by design.<br>I can very much relate to your struggles, both on the security research aspect and the lack of housing.<br>I've been in the shadows finding all kinds of way to screw up windows and nasty things i can do to the OS, so id love to connect and work with ya. I also have a vast wealth of knowledge on tips and tricks for making it on the streets for as I've been out there most of my adult life. Even hitch hiked around the USA.<br>You're brilliant man, and would love to share with you some of the work I've done in the past. Imagine chaining bluehammer with a nuget vuln; install blah nuget package, and watch as you get system access via RCE (yes i turned mine into an rce).<br>also would highly recommend looking into UAC bypasses, cause there's already many ways to get around UAC, but I'm sure there's many more as well.<br>Hope to hear back from you, and stay safe out there man! If youd like to contact me, feel free to ask for my cord or tg handle, or you can reach out to me via email. Looking forward to seeing you expose MS' horrible security practices even more!
ReplyDelete<br>Replies<br>Reply
ACD42131 May 2026 at 09:56<br>I got one for you for immediate publish since MSRC is now fucking me over. Give me a comms channel :) full azure takeovers.<br>ReplyDelete<br>Replies<br>Mastercodeon31 May 2026 at 09:58<br>ooooof, sounds like typical MSRC. They told me that my Nuget RCE was "intended functionality by design" and closed my report. A whole ass rce in nuget packges, like wtf smh<br>Delete<br>Replies<br>Reply
ACD42131 May 2026 at 09:59<br>This comment has been removed by the author.<br>Delete<br>Replies<br>Reply
ACD42131 May 2026 at 10:00<br>I get it a bunch of bullshit. MSRC has fucked around too much.<br>Delete<br>Replies<br>Reply
Mastercodeon31 May 2026 at 10:19<br>Honestly tho, why im happy to see people like u and nightmare start showing MSRC why they need to start taking shit seriously!<br>Delete<br>Replies<br>Reply
ACD42131 May 2026 at 11:15<br>I was hoping to give to him. I was going to publish tomorrow but he has the audience 😆 🤣 😂 that was it's absolutely devastating I even have msrc communicative chain videos of my submission and them saying hey it doesn't matter that's the customers fault.<br>Delete<br>Replies<br>Reply
Nossy31 May 2026 at 13:32<br>Would signal or tg work?<br>Delete<br>Replies<br>Reply
ACD42131 May 2026 at 15:06<br>Yarp<br>Delete<br>Replies<br>Reply
Marina31...