Deactivating Endpoint Protection Software in an Unauthorized Manner

Presented at DeepSec 2015 „DeepSec No. 9“, Nov. 19, 2015, 4 p.m. (50 minutes)

Many endpoint protection software like antivirus or firewall software offer a password protection in order to restrict the access to management functionalities to authorized users only, for example to deactivate protection features temporarily. In this talk, it will be demonstrated how different popular, widely-used endpoint protection software products can be deactivated by low-privileged users or malware in an unauthorized manner.

Presenters:

• Matthias Deeg - SySS GmbH
  Matthias is interested in information technology - especially IT security - since his early days and has a great interest in seeing whether security assumptions in soft-, firm- or hardware hold true when taking a closer look. He has more than 8 years of professional experience in the field of information security and currently works as IT security consultant and leader of R&D for the IT security company SySS GmbH.

Links:

• https://deepsec.net/archive/2015.deepsec.net/speaker.html#PSLOT205
• https://infocon.org/cons/DeepSec/DeepSec 2015/Deactivating Endpoint Protection Software in an Unauthorized Manner Matthias Deeg.mp4
• https://infocon.org/cons/DeepSec/DeepSec 2015/Deactivating Endpoint Protection Software in an Unauthorized Manner Matthias Deeg.srt (subtitles)

Similar Presentations:

• Kawaiicon (2019) / Endpoint Protection - Don't Believe Everything You Read
• Diana Initiative 2018 / Endpoint Protection: Behind the ML and smoke screens