Federated identity management using Active Directory Federation Services
Help identifying exploit of new device's initial setup of Windows 11
Purchased an MSI Crosshair 18HX AI from Costco. I connected to a home network for the initial setup and created a new login account with a new email. After login, I installed 'Harden System Security' and 'AppControl Manager' from the Microsoft playstore, then disconnected Ethernet. As soon as I began applying the restrictions and policies, many would quickly be reverted. There were tons of hidden bogus 'optional features' installed, fake certs, hijacked drivers OEM software. The system had been fully compromised during the installation. No devices had been connected, clouds synced, etc. I have all of the EventLogs and System Logs for analysis. I don't know exactly the inner workings of a Windows network installation, but from what I can tell, somehow the connection was hijacked to instead install a partial existing system with hardware-specific drivers/exploitation tools. Payloads delivered via Remote Management, AppX and OneApp and PowerShell scripts for system elevated-privileges.
This is probably the wrong place to request support on this issue. I can provide more detail along with the system logs, mem dumps, etc.