More and more entities are deploying Application Whitelisting to prevent malware and detect sophisticated intruders. Is this a viable defense? What are the mechanisms that can be used to evade detection and achieve action on objectives? How can an attacker circumvent this control? These are questions that we will explore in this talk. We have discovered a number of evasion tactics that cannot be patched. These techniques put organizations that deploy Whitelisting at risk. We will focus on techniques used in Windows Environments.
Casey Smith (@subtee) is a researcher with Veris Group Adaptive Threat Division. He has a passion for understanding and testing the limits of defensive systems.
Previous Talks & Publications:
ShmooCon 2015, Simple Application Whitelisting Evasion: https://youtu.be/85M1Rw6mh4U https://github.com/subTee/ShmooCon-2015
DerbyCon 2014, SSL MITM - PowerShell: https://www.youtube.com/watch?v=Mii0BTglOBM
OWASP 2013, How Malware Attacks Web Applications: https://www.youtube.com/watch?v=Mii0BTglOBM