my tweets are severely limited by my lack of understanding of what I am doing.
Windows 10 Enterprise with Secure Boot enabled with Credential Guard enabled stops Petya in its tracks. All built in features.
-
My working theory was that Secure Boot would prevent the system from booting after tampering, stopping it from reaching fake CHKDSK stage
Secure Boot ignores MBR as it books from UEFI, so you don't go into tampered boot