Description: Application White Listing is being sold as the needed silver bullet to stop malware and APT style infections. While the presenters understand that something better than Anti-Virus is needed, we do not believe that there is or ever will be a silver bullet. The talk includes all of the details of our findings.
The results are in and we have found that Application White listing is nothing more than a small road block much like current Anti-Virus. We found that there are some very easy ways to get around this type of software due to lack of features, lack of understanding the current threat landscape and in some cases vulnerabilities in the software that allow complete bypass. We will take the audience through our testing methodology and findings. We tested Bit9 Parity, Microsoft AppLocker and McAfee Application control on both Windows XP and Windows 7. We will end the talk by releasing a Metasploit module that will give you the techniques we found successful so you can utilize these in your penetration testing. We will also leave everyone with some band aid fixes that you can implement until the vendors catch up and plug these holes.
Chris Cuevas is a senior security analyst with Secure Ideas, LLC. He has been involved in information security since 2004. Chris his experience at the University of FL included programming, system administration, and Security Manager for Florida Center for Library Automation. Chris holds many certifications including GCIH, GWAPT, and more.
Curt Shaffer is a Security Architect for Foreground Security. He has been in IT for over 13 years. He has helped startup two wireless ISPs and served as systems engineer from SMBs to international Federal Agencies. He holds many certifications such as CISSP, GPEN, and more.
Tags: securitytube , shmoocon , shmoo con , hacking , hackers , information security , convention , computer security , shmoo 12 , shmoocon 12 , shmoocon-2012 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.