[thaumasiotes]

> and the response was flow chart tech support with a "buy a webcam" cherry on top

I feel safe in saying that they don't want a video of you at your keyboard typing stuff. An exploit video is a recording of your screen, not of you.

[xethos]

Which, if any of the exploits require anything that isn't on-screen (USB or other HID, key combination), requires a reboot, or anything done before Windows has fully booted, means one must have an external camera

Doesn't sound like it for these exploits specifically (except Yellow Key), but I could be wrong, and again: that's just for these exploits specifically

[thaumasiotes]

> (USB or other HID, key combination)

I don't think you'd need an external camera for that. What you're doing would be mentioned in the accompanying report.

I do agree with you about the boot process, though.

[mook]

I believe Hyper-V supports emulating TPM these days, so doing things to a VM and recording the desktop with the VM window _may_ work. In this case though it'd look very boring because you couldn't tell from the recording that anything happened.

[xethos]

Personally I'd think Microsoft would be cool with following the report instead of demanding video evidence in the first place, but silly me thinking the trillion dollar multi-national would be reasonable

[tosti]

I've used cheap HDMI to USB adapters for that in the past. Worked fine albeit somewhat low res. (Still much better than a camera pointed at a screen.)

[no-name-here]

>>> flow chart tech support with a "buy a webcam" cherry on top

>> I feel safe in saying that they don't want a video of you at your keyboard typing stuff. An exploit video is a recording of your screen, not of you.

> if any of the exploits require anything that isn't on-screen (USB or other HID, key combination), requires a reboot, or anything done before Windows has fully booted, means one must have an external camera

That still wouldn't mean "buy a webcam" - if someone has had a mobile phone (smartphone or dumbphone) from recent decades, it likely had a camera included.

[itopaloglu83]

It feels like they’re trying put hurdles in front of you instead of getting info about repeatability of the vulnerability.