Samstag, 1. August 2015

Bypassing McAfee Application Control (Application Whitelisting)

McAfee Application Control is a security solution which implements the protection mechanism "application whitelisting". It basically creates a whitelist of installed and allowed applications and prevents the execution of new (unwanted and possibly malicious) applications afterwards.

I researched bypass techniques already in 2013 for the Kiras project in Austria (smart meter security), but could publish my results just two years later.

My research decribes various ways to bypass McAfee Application Control and Microsoft AppLocker. Most of these techniques can also be used to bypass similar products like AppSense, Microsoft DeviceGuard and so on.

I must also mention that a lot more bypass techniques were found in the last years. Most of these techniques were especially found by Casey Smith (@subTee), Oddvar Moe (@Oddvarmoe) and Matt Graeber (@mattifestation). They did an excellent job! A good summary of all these techniques can be found here: LOLBAS

Slides of my talk

English recorded talk

German recorded talk


Keine Kommentare:

Kommentar veröffentlichen