It's a bit of an old subject, but like I said before, the tools to stop these kind of attacks already exist. It's the IT departments that are doing a horrible job. https://medium.com/@networksecurity...lity-of-enterprise-it-d691fa7ca29b#.tcgypt7wz
@Rasheed187 Yeah, the above is a realistic argument for whitelisting IMO, at least in office environments. You can't make it impossible to get in, but you don't have to leave it that easy either. Edit: Mind, it doesn't help that whitelisting products/methods for Windows tend to be awful, obscure, or both. Edit 2: per another thread, whitelisting vs. the attack mentioned above should be possible just using NTFS ACLs. I wonder if there's a Puppet module for stuff like this.
Yes white-listing can of course be bypassed, but there are so many other solutions like anti-exploit, HIPS and sandboxing. If combined it's almost impossible to hack systems without the use of kernel exploits.
