{"id":231872,"date":"2026-05-05T12:14:51","date_gmt":"2026-05-05T12:14:51","guid":{"rendered":"https:\/\/www.intrinsec.com\/?p=231872"},"modified":"2026-05-08T08:49:11","modified_gmt":"2026-05-08T08:49:11","slug":"contournement-bitlocker-la-realite-des-downgrade-attacks","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/","title":{"rendered":"BitLocker bypass: the reality of downgrade attacks"},"content":{"rendered":"<h2 class=\"wp-block-heading\" id=\"h-la-recherche-originale-de-microsoft-storm\">Microsoft&#039;s original STORM search<\/h2>\n\n\n\n<div style=\"margin-bottom:3em\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">In July 2025, the Microsoft STORM team released <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoft-security-blog\/bitunlocker-leveraging-windows-recovery-to-extract-bitlocker-secrets\/4442806\" id=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoft-security-blog\/bitunlocker-leveraging-windows-recovery-to-extract-bitlocker-secrets\/4442806\" target=\"_blank\" rel=\"noreferrer noopener\">a detailed article<\/a> This describes a complete attack chain against BitLocker, specifically targeting WinRE. The principle is as follows: the boot manager loads the System Deployment Image (SDI) file and the WIM referenced by it, and verifies the integrity of the legitimate WIM. However, when a second WIM is added to the SDI with a modified blob table, the boot manager checks the first (legitimate) WIM while simultaneously booting from the second (controlled by the attacker). This second WIM contains a WinRE image infected with `cmd.exe`, which executes with the decrypted BitLocker volume.<\/p>\n\n\n\n<div style=\"margin-bottom:3em\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-pourquoi-le-correctif-ne-suffit-pas\">Why is the fix not enough?<\/h2>\n\n\n\n<div style=\"margin-bottom:3em\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">The fix is real, and updated machines did indeed receive a patched boot manager via Windows Update in July 2025, whether it was signed PCA 2011 or CA 2023. The problem lies elsewhere: <strong>Secure Boot only verifies the signing certificate of a binary, not its version<\/strong>. A vulnerable `bootmgfw.efi` from before July 2025, signed with the PCA 2011 certificate, is perfectly valid from the point of view of Secure Boot, just as much as the patched version.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, the old PCA 2011 certificate was not revoked en masse, because it is a <a href=\"https:\/\/neodyme.io\/en\/blog\/bitlocker_why_no_fix\/#revocations-they-scream\" target=\"_blank\" rel=\"noreferrer noopener\">a real operational challenge for Microsoft<\/a>. It is still present in the Secure Boot database of almost all machines in use (excluding new Windows installations). And as long as it is not revoked, even an old, vulnerable boot manager can be loaded without triggering an alert.<\/p>\n\n\n\n<div style=\"margin-bottom:3em\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-l-attaque-en-pratique\">The attack in practice<\/h2>\n\n\n\n<div style=\"margin-bottom:3em\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Directly inspired by the work of Microsoft STORM and by our previous experience with <a href=\"https:\/\/github.com\/garatc\/bitpixie\" id=\"https:\/\/github.com\/garatc\/bitpixie\" target=\"_blank\" rel=\"noreferrer noopener\">bitpixie<\/a>, We have developed a PoC that exploits this vulnerability, including on up-to-date systems (but which have therefore not deployed the other mitigations).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The principle is as follows:<\/p>\n\n\n\n<ol style=\"padding-left:1.2em;margin-top:0.5em\">\n<li>The attacker has physical access to the target workstation<\/li>\n<li>It prepares a modified BCD file that redirects WinRE input to a trapped SDI file<\/li>\n<li>Via USB or PXE (for example), it serves an old, vulnerable boot manager signed in PCA 2011, the modified BCD, and the SDI containing the compromised WinRE image.<\/li>\n<li>The target machine boots, loads the old boot manager, which in turn loads the compromised WinRE without detecting the manipulation.<\/li>\n<li>The TPM releases the BitLocker key normally \u2014 PCR measures 7 and 11 remain valid because PCA 2011 is recognized by Secure Boot<\/li>\n<li>A terminal opens with the OS volume decrypted and mounted.<\/li>\n<\/ol>\n\n\n\n<div style=\"margin-bottom:3em\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">The entire operation takes a few minutes, without requiring complex equipment.<\/p>\n\n\n\n<div style=\"margin-bottom:3em\"><\/div>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-95710d7e wp-block-buttons-is-layout-flex\" style=\"margin-bottom:3em\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/github.com\/garatc\/BitUnlocker\">PoC available here<\/a><\/div>\n<\/div>\n\n\n\n<div style=\"margin-bottom:3em\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-comment-s-en-premunir\">How can we protect ourselves from it?<\/h2>\n\n\n\n<div style=\"margin-bottom:3em\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">As we mentioned in <a href=\"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-alternative-tpm-sniffing\/\" id=\"https:\/\/www.intrinsec.com\/contournement-bitlocker-alternative-tpm-sniffing\/\" target=\"_blank\" rel=\"noreferrer noopener\">our previous article on bitpixie<\/a>, The main recommendation remains the same as for most BitLocker attacks: <strong>enable a PIN at startup<\/strong>. This is the only measure that reliably protects against these attacks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Beyond the PIN, Microsoft recommends <strong>Migrate the boot manager to the CA 2023 certificate<\/strong> and <strong>revoke the old PCA 2011 certificate<\/strong> via the procedure described in the <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d\">KB5025885<\/a>, This also enables new boot manager version tracking via SVN (Secure Version Number). However, this migration is cumbersome for users, which explains why it is still far from being widespread.<\/p>\n\n\n\n<div style=\"margin-bottom:3em\"><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<div style=\"margin-bottom:3em\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-vous-souhaitez-securiser-vos-postes-contre-bitunlocker-et-autres-attaques-physiques\">Do you want to secure your computers against BitUnlocker and other physical attacks? <\/h2>\n\n\n\n<div style=\"margin-bottom:3em\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Individual measures (BitLocker PIN, Secure Boot certificate upgrades, etc.) are not always sufficient to secure a large fleet. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Intrinsec, a pure-play cybersecurity company for 30 years and PASSI-certified by ANSSI, offers several concrete services to support you: <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u2013 <strong>Cybersecurity audit<\/strong> : Workstation security assessment, Bitlocker and TPM configuration, Windows workstation hardening. <a href=\"https:\/\/www.intrinsec.com\/en\/audit-cybersecurite\/\">Learn more<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u2013 <strong>Penetration testing (Pentest)<\/strong> : simulation of physical attacks (TPM-sniffing, BitUnlocker, etc.) on your workstations and servers. <a href=\"https:\/\/www.intrinsec.com\/en\/test-intrusion\/\">Learn more<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u2013 <strong>Support for achieving compliance<\/strong> : alignment of BitLocker policies, UEFI, patches and certificate management with Microsoft recommendations (KB5025885, CA 2023, etc.). <a href=\"https:\/\/www.intrinsec.com\/en\/conformite-cadres-reglementaires\/\">Learn more <\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u2013 <strong>SOC \/ CERT Intrinsec<\/strong> : detection of attack attempts and response in case of an incident related to encryption bypass. <a href=\"https:\/\/www.intrinsec.com\/en\/cert-intrinsec\/\">Learn more<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>","protected":false},"excerpt":{"rendered":"<p>La recherche originale de Microsoft STORM En juillet 2025, l&rsquo;\u00e9quipe Microsoft STORM a publi\u00e9 un [&hellip;]<\/p>\n","protected":false},"author":51,"featured_media":231883,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[180,88],"class_list":["post-231872","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-evaluation-securite","tag-evaluation","tag-pentest"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.9 (Yoast SEO v28.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Contournement BitLocker : la r\u00e9alit\u00e9 des downgrade attacks - INTRINSEC<\/title>\n<meta name=\"description\" content=\"D\u00e9couvrez le contournement BitLocker et la r\u00e9alit\u00e9 des downgrade attacks face \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2025-48804.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Contournement BitLocker : la r\u00e9alit\u00e9 des downgrade attacks\" \/>\n<meta property=\"og:description\" content=\"D\u00e9couvrez le contournement BitLocker et la r\u00e9alit\u00e9 des downgrade attacks face \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2025-48804.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-05T12:14:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-08T08:49:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2026\/05\/guttest192_illustration_of_a_hacker_after_a_cyber_attack_in_the_0a9921c2-9a0c-4a85-bf2e-370c7a6e0dc7.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1456\" \/>\n\t<meta property=\"og:image:height\" content=\"816\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Cassius GARAT\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:site\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cassius GARAT\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/contournement-bitlocker-la-realite-des-downgrade-attacks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/contournement-bitlocker-la-realite-des-downgrade-attacks\\\/\"},\"author\":{\"name\":\"Cassius GARAT\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/9b7fe59e1d71550521fc716181f6de42\"},\"headline\":\"Contournement BitLocker : la r\u00e9alit\u00e9 des downgrade attacks\",\"datePublished\":\"2026-05-05T12:14:51+00:00\",\"dateModified\":\"2026-05-08T08:49:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/contournement-bitlocker-la-realite-des-downgrade-attacks\\\/\"},\"wordCount\":754,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/contournement-bitlocker-la-realite-des-downgrade-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/guttest192_illustration_of_a_hacker_after_a_cyber_attack_in_the_0a9921c2-9a0c-4a85-bf2e-370c7a6e0dc7.png\",\"keywords\":[\"Evaluation\",\"pentest\"],\"articleSection\":[\"S\u00e9curit\u00e9 offensive &amp; Audit\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/contournement-bitlocker-la-realite-des-downgrade-attacks\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/contournement-bitlocker-la-realite-des-downgrade-attacks\\\/\",\"name\":\"Contournement BitLocker : la r\u00e9alit\u00e9 des downgrade attacks - INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/contournement-bitlocker-la-realite-des-downgrade-attacks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/contournement-bitlocker-la-realite-des-downgrade-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/guttest192_illustration_of_a_hacker_after_a_cyber_attack_in_the_0a9921c2-9a0c-4a85-bf2e-370c7a6e0dc7.png\",\"datePublished\":\"2026-05-05T12:14:51+00:00\",\"dateModified\":\"2026-05-08T08:49:11+00:00\",\"description\":\"D\u00e9couvrez le contournement BitLocker et la r\u00e9alit\u00e9 des downgrade attacks face \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2025-48804.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/contournement-bitlocker-la-realite-des-downgrade-attacks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/contournement-bitlocker-la-realite-des-downgrade-attacks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/contournement-bitlocker-la-realite-des-downgrade-attacks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/guttest192_illustration_of_a_hacker_after_a_cyber_attack_in_the_0a9921c2-9a0c-4a85-bf2e-370c7a6e0dc7.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/guttest192_illustration_of_a_hacker_after_a_cyber_attack_in_the_0a9921c2-9a0c-4a85-bf2e-370c7a6e0dc7.png\",\"width\":1456,\"height\":816,\"caption\":\"bitlocker\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/contournement-bitlocker-la-realite-des-downgrade-attacks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Contournement BitLocker : la r\u00e9alit\u00e9 des downgrade attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\",\"name\":\"INTRINSEC\",\"alternateName\":\"ISEC\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"width\":1322,\"height\":1322,\"caption\":\"INTRINSEC\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Intrinsec\",\"https:\\\/\\\/fr.linkedin.com\\\/company\\\/intrinsec\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC0trUZAHNZOUbxYnNdecM4A\"],\"description\":\"soci\u00e9t\u00e9 de consulting, pure player cybers\u00e9curit\u00e9 fran\u00e7ais et europ\u00e9en depuis plus de 30ans, sp\u00e9cialiste dans la s\u00e9curit\u00e9 offensive & audit (pentest\\\/red team), GRC, et services IMSS comme le SOC, CTI et CERT Intrinsec est qualifi\u00e9 PASSI Elev\u00e9, PRIS Elev\u00e9 et PACS par l'ANSSI\",\"email\":\"contact@intrinsec.com\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/9b7fe59e1d71550521fc716181f6de42\",\"name\":\"Cassius GARAT\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/00b9201f468ad7ffb27e35e1f0a9212ea99a6439a50abb73facc0705abc1bad5?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/00b9201f468ad7ffb27e35e1f0a9212ea99a6439a50abb73facc0705abc1bad5?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/00b9201f468ad7ffb27e35e1f0a9212ea99a6439a50abb73facc0705abc1bad5?s=96&d=retro&r=g\",\"caption\":\"Cassius GARAT\"},\"sameAs\":[\"https:\\\/\\\/github.com\\\/garatc\"],\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/cassius-garat\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"BitLocker Bypass: The Reality of Downgrade Attacks - INTRINSEC","description":"Discover the BitLocker bypass and the reality of downgrade attacks in the face of the CVE-2025-48804 vulnerability.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/","og_locale":"en_US","og_type":"article","og_title":"Contournement BitLocker : la r\u00e9alit\u00e9 des downgrade attacks","og_description":"D\u00e9couvrez le contournement BitLocker et la r\u00e9alit\u00e9 des downgrade attacks face \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2025-48804.","og_url":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/","og_site_name":"INTRINSEC","article_published_time":"2026-05-05T12:14:51+00:00","article_modified_time":"2026-05-08T08:49:11+00:00","og_image":[{"width":1456,"height":816,"url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2026\/05\/guttest192_illustration_of_a_hacker_after_a_cyber_attack_in_the_0a9921c2-9a0c-4a85-bf2e-370c7a6e0dc7.png","type":"image\/png"}],"author":"Cassius GARAT","twitter_card":"summary_large_image","twitter_creator":"@Intrinsec","twitter_site":"@Intrinsec","twitter_misc":{"Written by":"Cassius GARAT","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/"},"author":{"name":"Cassius GARAT","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/9b7fe59e1d71550521fc716181f6de42"},"headline":"Contournement BitLocker : la r\u00e9alit\u00e9 des downgrade attacks","datePublished":"2026-05-05T12:14:51+00:00","dateModified":"2026-05-08T08:49:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/"},"wordCount":754,"publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"image":{"@id":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2026\/05\/guttest192_illustration_of_a_hacker_after_a_cyber_attack_in_the_0a9921c2-9a0c-4a85-bf2e-370c7a6e0dc7.png","keywords":["Evaluation","pentest"],"articleSection":["S\u00e9curit\u00e9 offensive &amp; Audit"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/","url":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/","name":"BitLocker Bypass: The Reality of Downgrade Attacks - INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2026\/05\/guttest192_illustration_of_a_hacker_after_a_cyber_attack_in_the_0a9921c2-9a0c-4a85-bf2e-370c7a6e0dc7.png","datePublished":"2026-05-05T12:14:51+00:00","dateModified":"2026-05-08T08:49:11+00:00","description":"Discover the BitLocker bypass and the reality of downgrade attacks in the face of the CVE-2025-48804 vulnerability.","breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/#primaryimage","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2026\/05\/guttest192_illustration_of_a_hacker_after_a_cyber_attack_in_the_0a9921c2-9a0c-4a85-bf2e-370c7a6e0dc7.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2026\/05\/guttest192_illustration_of_a_hacker_after_a_cyber_attack_in_the_0a9921c2-9a0c-4a85-bf2e-370c7a6e0dc7.png","width":1456,"height":816,"caption":"bitlocker"},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/en\/contournement-bitlocker-la-realite-des-downgrade-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"Contournement BitLocker : la r\u00e9alit\u00e9 des downgrade attacks"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect yours.","publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intrinsec.com\/#organization","name":"INTRINSEC","alternateName":"ISEC","url":"https:\/\/www.intrinsec.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","width":1322,"height":1322,"caption":"INTRINSEC"},"image":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Intrinsec","https:\/\/fr.linkedin.com\/company\/intrinsec","https:\/\/www.youtube.com\/channel\/UC0trUZAHNZOUbxYnNdecM4A"],"description":"Intrinsec, a consulting firm and pure-play French and European cybersecurity provider for over 30 years, specializes in offensive security and auditing (penetration testing\/red teams), GRC, and IMSS services such as SOC, CTI, and CERT. Intrinsec is qualified at PASSI High, PRIS High, and PACS levels by ANSSI.","email":"contact@intrinsec.com"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/9b7fe59e1d71550521fc716181f6de42","name":"Cassius GARAT","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/00b9201f468ad7ffb27e35e1f0a9212ea99a6439a50abb73facc0705abc1bad5?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/00b9201f468ad7ffb27e35e1f0a9212ea99a6439a50abb73facc0705abc1bad5?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/00b9201f468ad7ffb27e35e1f0a9212ea99a6439a50abb73facc0705abc1bad5?s=96&d=retro&r=g","caption":"Cassius GARAT"},"sameAs":["https:\/\/github.com\/garatc"],"url":"https:\/\/www.intrinsec.com\/en\/author\/cassius-garat\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/231872","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/51"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=231872"}],"version-history":[{"count":24,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/231872\/revisions"}],"predecessor-version":[{"id":231953,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/231872\/revisions\/231953"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media\/231883"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=231872"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=231872"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=231872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}