Class 7 Lab 3 ‐ Windows 10 Local PE - Justin-Boyd/Ethical-Hacking-Class GitHub Wiki

Task 1: Windows 10 Local PE

Step 1

  • Mount the Windows 10 disk image before turning on the Windows 10 VM and start the installation process.

Step 2

  • Access cmd.exe in Repair mode.

Step 3

  • Select the Troubleshoot option.

Step 4

  • Then go to Advanced options and choose the Command Prompt.

Step 5

  • Bypass Windows Defender protection using bcdedit and the safeboot option by typing the command bcdedit /set {default} safeboot minimal. You will then back up and replace the osk.exe file.

Step 6

  • Afterwards, change to the D:\Windows\System32 directory. Then make a copy of osk.exe.

Step 7

  • Try to load cmd.exe through the On-Screen Keyboard and check which privilege level cmd.exe is running with.

Task 2: Windows Local PE Mitigation

Step 1

  • Turn off the safeboot setting in the command-line interface with bcdedit /deletevalue {default} safeboot.

Step 2

  • Create a shared folder between the Windows 10 machine and your host PC.

Step 3

  • Open the local computer policy editor and locate the “Require additional authentication at startup” group policy under Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.

Step 4

  • Enable the policy (make sure to select “Requires a password or a startup key on a USB flash drive”) and encrypt drive C with BitLocker. Use Aa123456! for the password.

Step 5

  • Once completed, enable BitLocker on the C drive and encrypt only the used space on the drive.
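
To confirm the Task 2 mitigation actually took effect, the following check can be run in an elevated PowerShell session on the Windows 10 VM. It is an added example, not part of the original wiki; it assumes the lab's default paths and that the local policy is stored under HKLM:\SOFTWARE\Policies\Microsoft\FVE.

```powershell
#Requires -RunAsAdministrator
# Added example: verifies the state left behind by Task 1 and Task 2 of this lab.

$sys32    = Join-Path $env:SystemRoot 'System32'
$findings = [System.Collections.Generic.List[string]]::new()

# Task 2, Step 1: the safeboot value must be gone from the default boot entry.
$bcd = & bcdedit.exe /enum '{default}'
if ($bcd -match '^\s*safeboot\s') {
    $findings.Add('safeboot is still set on {default}; run: bcdedit /deletevalue {default} safeboot')
}

# Task 1: osk.exe must exist and must not be byte-identical to cmd.exe.
$osk = Join-Path $sys32 'osk.exe'
$cmd = Join-Path $sys32 'cmd.exe'
if (-not (Test-Path -LiteralPath $osk)) {
    $findings.Add('osk.exe is missing from System32; restore the backup copy')
} elseif ((Get-FileHash -Algorithm SHA256 -LiteralPath $osk).Hash -eq
          (Get-FileHash -Algorithm SHA256 -LiteralPath $cmd).Hash) {
    $findings.Add('osk.exe has the same SHA-256 as cmd.exe; restore the backup copy')
}

# Task 2, Steps 3-4: "Require additional authentication at startup" must be enabled.
# Assumption: the policy writes UseAdvancedStartup = 1 under the FVE policy key.
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
if (-not $fve -or $fve.UseAdvancedStartup -ne 1) {
    $findings.Add('"Require additional authentication at startup" policy is not enabled')
}

# Task 2, Steps 4-5: C: must be protected and carry a password key protector.
$vol = Get-BitLockerVolume -MountPoint 'C:'
if ($vol.ProtectionStatus -ne 'On') {
    # Protection stays Off until encryption has finished, so report the volume status too.
    $findings.Add("BitLocker protection on C: is $($vol.ProtectionStatus) (volume status: $($vol.VolumeStatus))")
}
$pwProtectors = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Password' })
if ($pwProtectors.Count -eq 0) {
    $findings.Add('C: has no password key protector')
}

if ($findings.Count -eq 0) {
    'OK: no findings'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

With BitLocker protection on, the offline edit of D:\Windows\System32 from the recovery command prompt in Task 1 is no longer possible without the startup password, which is what the last two checks confirm.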