From 7d2e509200b4be0b61b528344ab61a6303408d8d Mon Sep 17 00:00:00 2001 From: Nightmare-Eclipse Date: Thu, 11 Jun 2026 03:04:04 +0200 Subject: [PATCH] Update README.md --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index fa4f879..a9b56ef 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,9 @@ # GreatXML GreatXML bitlocker bypass vulnerability + +Steps to reproduce, + +1. If defender offline scan was initiated in the victim machine at any point then there is no need to login, the machine is automatically vulnerable. You will have to copy "unattend.xml" and "Recovery" directory to the root of the recovery partition then reboot to WinRE using shift + click on restart button, if everything was done correctly, a shell with unrestricted access to the bitlocker volume will spawn. +2. If defender offline scan was never initiated then you have to either login and initiate it yourself or figure out a way to boot into WinRE in offline scan state (I believe it should be very possible to do so without logging in) and follow steps above + +If everything is done properly, this should be the result
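Review bot: The last added line, "If everything is done properly, this should be the result", closes the README without showing any result, so either attach the screenshot or output it refers to, or drop the sentence. In step 2, "I believe it should be very possible to do so without logging in" is an untested claim sitting inside reproduction steps; mark it as unverified or move it out of the numbered list, and have "follow steps above" name step 1 explicitly. The steps also never say which Windows builds and BitLocker configuration this was reproduced on, nor where "unattend.xml" and the "Recovery" directory come from (this patch changes only README.md), both of which a defender needs in order to confirm exposure and later verify a fix. The subject "Update README.md" could state that reproduction steps were added.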