AllTheThings - 5 Known App Whitelisting Bypasses

Discussion in 'other security issues & news' started by WildByDesign, Jul 16, 2016.

  1. WildByDesign

    WildByDesign Registered Member

    Joined: Sep 24, 2013
    Posts: 1,637
    Location: Toronto, Canada
    Link: https://github.com/subTee/AllTheThings
    By: Casey Smith (http://subt0x10.blogspot.com/ & https://twitter.com/subtee)

     
  2. CloneRanger

    CloneRanger Registered Member

    Joined: Jan 4, 2006
    Posts: 4,833
    Thanks for posting, as it will be useful to those who haven't locked them down yet!

    On my XP/SP2 I only have regsvr32.exe & rundll32.exe, which I've had locked down with ProcessGuard for years. And before that even on 98SE with a similar app.

    I would advise those that haven't to do so ASAP.
     
  3. boredog

    boredog Registered Member

    Joined: Feb 1, 2015
    Posts: 1,181
    And so for 64-bit versions?
     
  4. hjlbx

    hjlbx Guest

    Same thing...
     
  5. itman

    itman Registered Member

    Joined: Jun 22, 2010
    Posts: 2,969
    Location: U.S.A.
    The article only mentions .NET 4, but those same modules also exist for .NET 2 and 3 and have been used by malware. So they also have to have their execution monitored.
     