Hacking the Windows S Mode

Huge thanks to Goldengamer842 for the following idea!

Hello, my friends! Let’s hit 20K likes? Check out my website! https://enderman.ch
Today I am going to show you how to hack a Windows 10 S Mode system to run .exe and sideload .dll applications. Is that worth it? Probably not. Is that awesome? Hell yes. The way S Mode works is really simple: Microsoft took their application control implementation and turned the Windows Defender Code Integrity service on with a signed Microsoft policy.

*DIY:*
1. Enter group policy editor, find the Device Guard policy. It is located in Computer Configuration\Administrative Templates\System.
2. Disable both settings.
3. Find the winsipolicy.p7b files in %systemroot%\Boot\EFI and %systemroot%\WinSxS and delete both files.
4. Reboot into PE (you will not be able to access ESP normally as no Command Prompt is available).
5. Mount ESP (EFI System Partition), locate winsipolicy.p7b in %root%\EFI\Microsoft\Boot and delete it as well.
6. Profit!
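
Seen from the defender's side, the steps above leave a simple trace: winsipolicy.p7b is missing from the locations listed. The following PowerShell is an added example, not part of the original video or description, that checks an offline Windows volume (for instance from PE, since no Command Prompt is available inside S Mode) for the policy file and hashes each copy found. The function name, parameter names and drive letters are assumptions.

```powershell
# Added example (not from the video): report whether the S Mode policy file is
# still present in the three locations the steps above name.
# Function name, parameter names and drive letters are assumptions.
function Test-SModePolicyFiles {
    param(
        # Offline %systemroot% of the system being checked, e.g. D:\Windows
        [Parameter(Mandatory)] [string] $WindowsRoot,
        # Root of the mounted EFI System Partition, e.g. S:\ (optional)
        [string] $EspRoot
    )
    $policyName = 'winsipolicy.p7b'

    # WinSxS is searched recursively (assumption: the copy sits in a component subfolder).
    $targets = @(
        @{ Path = Join-Path $WindowsRoot 'Boot\EFI'; Recurse = $false }
        @{ Path = Join-Path $WindowsRoot 'WinSxS';   Recurse = $true  }
    )
    if ($EspRoot) {
        $targets += @{ Path = Join-Path $EspRoot 'EFI\Microsoft\Boot'; Recurse = $false }
    }

    foreach ($t in $targets) {
        # -Force includes hidden and system files; a missing directory yields no hits.
        $hits = @(Get-ChildItem -LiteralPath $t.Path -Filter $policyName -File `
                    -Recurse:($t.Recurse) -Force -ErrorAction SilentlyContinue)

        # Hash each copy so it can be compared with the file from a known-good image.
        $hashes = $hits | ForEach-Object {
            (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }

        [pscustomobject]@{
            Location = $t.Path
            Present  = $hits.Count -gt 0
            Copies   = $hits.Count
            SHA256   = $hashes -join '; '
        }
    }
}

# Usage (drive letters are placeholders):
# Test-SModePolicyFiles -WindowsRoot 'D:\Windows' -EspRoot 'S:\' | Format-Table -AutoSize
```

A row with `Present` set to `False`, or a hash that differs from the known-good image, indicates the policy was removed or replaced.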

*Install command:* dism.exe /apply-image /imagefile:windows10shacked.wim /index:1 /applydir:?:\
*Install tutorial:* https://youtu.be/JxJ6a-PY1KA

*Links:*
Windows 10 S (Hacked) – https://files.enderman.ch/uploads/Windows10SHacked.wim

Windows 10 S (Installer) – https://files.enderman.ch/uploads/Windows10SInstaller5932.exe
Windows 10 S (ESD) – https://files.enderman.ch/uploads/16299.125.171213-1220.rs3_release_svc_refresh_CLIENTCONSUMER_RET_X64FRE_en-us.esd

Device Guard basics (in Russian) – https://go.enderman.ch/yC3W7
App Control for Business – https://go.enderman.ch/vmXpZ
PKCS7 certificates – https://go.enderman.ch/cBCqG

*Password:*
mysubsarethebest

*Timestamps:*
0:00 – Intro
0:22 – History of S Mode
1:36 – Acquiring the image
2:59 – Installing
4:14 – Early ideas
5:14 – Boot Command Prompt Exploit (BCPE)
6:30 – Boot Task Manager Exploit (BTME)
7:25 – Major breakthrough
8:09 – Device Guard settings
9:29 – WDAC Policies
11:06 – Malware removal
13:00 – Outcome
13:36 – Final product
15:36 – Outro

Still got questions? Don’t hesitate, send them to [email protected]!
Hope you have a great day!

#endermanch #experiments #windows