McAfee Application Control is a security solution that implements the protection mechanism "application whitelisting". It creates a whitelist of the installed and allowed applications and afterwards prevents the execution of new (unwanted and possibly malicious) applications.
I already researched bypass techniques in 2013 for the Kiras project in Austria (smart meter security), but could only publish my results two years later.
My research describes various ways to bypass McAfee Application Control and Microsoft AppLocker. Most of these techniques can also be used to bypass similar products like AppSense, Microsoft DeviceGuard and so on.
I must also mention that many more bypass techniques have been found in recent years. Most of these techniques were found by Casey Smith (@subTee), Oddvar Moe (@Oddvarmoe) and Matt Graeber (@mattifestation). They did an excellent job! A good summary of all these techniques can be found here: LOLBAS
Slides of my talk
English recorded talk
German recorded talk