Windows: Read Bitlocker encrypted drive in Windows PE

February 15, 2015 rootBlog Leave a comment

Hi,

in WinPE it is possible to read bitlocker encrypted drives.

Check state
manage-bde -status c:

If the drive is only protected by a password use
manage-bde -unlock c: -pw
Continue reading Windows: Read Bitlocker encrypted drive in Windows PE →

Security, Windows knowhow

Windows: Recover lost passwords from memory

February 11, 2015 Michael Albert 2 Comments

Hi,

if a User is logged on and forget it’s password you can dump to lsa process and recover the password from a dump file.

Two tools are needed:

Microsoft’s sysinternals procdump
mimikatz. A tool to play with windows security. Take care when download precompiled binaries. Better get the source code from github and compile it yourself. Its very easy

Lets start. Login as a User with administrator permissions and dump the lsass process
Continue reading Windows: Recover lost passwords from memory →

VirtualBox

Virtualbox: VM does not start after creating a snapshot. EFail (0x80004005)

January 27, 2015 Michael Albert 57 Comments

Hi,

when using vhd disks or when you convert other disk formats (vmdk, vhd) to vdi and you create a snapshot, the virtual machine won’t boot.

An error occurs while starting the vm:

Fehlercode: E_FAIL (0x80004005)
Component: ProgressProxy
Interface: IProgress {c20238e4-3221-4d3f-8891-81ce92d9f913}

In this case the manager for virtual medias shows an error that the parent UUID of the snapshot file does not matches the UUID of parent medium stored in the media registry c:\Users\Username\.virtualbox\VirtualBox.xml.

This can be fixed 🙂 Get the UUID of the parent disk
Continue reading Virtualbox: VM does not start after creating a snapshot. EFail (0x80004005) →