RedTeam
Others
Physical-Pentesting
Kon Boot

Information

Starting from 3.5 version (commercial licenses) Kon-Boot is able to bypass Secure Boot protection on PCs.

There are limitations to this method: depending on the UEFI firmware updates it may not be supported (newest UEFI firmware updates often prevent the bypass from working because of the revoked signed keys, in this case you need to disable the SecureBoot in BIOS manually, see section below).

Commands

Following tutorial explains how to boot Kon-Boot while the Secure Boot option is enabled in BIOS:

  1. Prepare your Kon-Boot USB pendrive with Secure Boot Bypass option enabled Secure Boot Enable Installation
  2. Boot your target computer with Kon-Boot pendrive
  3. Enroll selected key as presented on the image below: 
  4. Secure Boot Enroll Key
  5. Reboot, Kon-Boot should be loaded automatically
    • Bypass Windows (Enable Secure Boot)

More Information

To find more information about the following, check the Kon-boot website ---> https://kon-boot.com/docs/windows_guide/ (opens in a new tab)

MobsfGps Spoofing