AllTheThings - 5 Known App Whitelisting Bypasses

Discussion in 'other security issues & news' started by WildByDesign, Jul 16, 2016.

  1. WildByDesign

    WildByDesign Registered Member

    Link: https://github.com/subTee/AllTheThings
    By: Casey Smith (http://subt0x10.blogspot.com/ & https://twitter.com/subtee)

     
  2. CloneRanger

    CloneRanger Registered Member

    Thanks for posting, as it will be useful to those who haven't locked them down yet!

    On my XP/SP2 I only have regsvr32.exe & rundll32.exe, which I've had locked down with ProcessGuard for years. And before that even on 98SE with a similar app.

    I would advise those that haven't to do so ASAP.
     
  3. boredog

    boredog Registered Member

    And so for 64-bit versions?
     
  4. hjlbx

    hjlbx Guest

    Same thing...
     
  5. itman

    itman Registered Member

    The article only mentions .NET 4, but those same modules also exist for .NET 2 and 3 and have been used by malware. So they also have to have their execution monitored.
     