Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE 2021-28316)
There should have been a video here but your browser does not seem to support it. Summary By default, domain joined Windows workstations allow access to the network selection UI from the lock screen. An attacker with physical access to a locked device with WiFI capabilities (such as a laptop or a workstation) can abuse this functionality to force the laptop to authenticate against a rogue access point and capture a MSCHAPV2 challenge response hash for the domain computer account....