← Back to context

Comment by xethos

1 month ago

Which, if any of the exploits require anything that isn't on-screen (USB or other HID, key combination), requires a reboot, or anything done before Windows has fully booted, means one must have an external camera

Doesn't sound like it for these exploits specifically (except Yellow Key), but I could be wrong, and again: that's just for these exploits specifically

> (USB or other HID, key combination)

I don't think you'd need an external camera for that. What you're doing would be mentioned in the accompanying report.

I do agree with you about the boot process, though.

  • I believe Hyper-V supports emulating TPM these days, so doing things to a VM and recording the desktop with the VM window _may_ work. In this case though it'd look very boring because you couldn't tell from the recording that anything happened.

  • Personally I'd think Microsoft would be cool with following the report instead of demanding video evidence in the first place, but silly me thinking the trillion dollar multi-national would be reasonable

I've used cheap HDMI to USB adapters for that in the past. Worked fine albeit somewhat low res. (Still much better than a camera pointed at a screen.)

>>> flow chart tech support with a "buy a webcam" cherry on top

>> I feel safe in saying that they don't want a video of you at your keyboard typing stuff. An exploit video is a recording of your screen, not of you.

> if any of the exploits require anything that isn't on-screen (USB or other HID, key combination), requires a reboot, or anything done before Windows has fully booted, means one must have an external camera

That still wouldn't mean "buy a webcam" - if someone has had a mobile phone (smartphone or dumbphone) from recent decades, it likely had a camera included.