Presented at TROOPERS16 (2016), March 16, 2016, 10:30 a.m. (Unknown duration).
More and more entities are deploying Application Whitelisting to prevent malware and detect sophisticated intruders. Is this a viable defense? What are the mechanisms that can be used to evade detection and achieve action on objectives? How can an attacker circumvent this control? These are questions that we will explore in this talk. We have discovered a number of evasion tactics that cannot be patched. These techniques put organizations that deploy Whitelisting at risk. We will focus on techniques used in Windows Environments.
Presenters:
- Casey Smith
Casey Smith (@subtee) is a researcher with Veris Group Adaptive Threat Division. He has a passion for understanding and testing the limits of defensive systems.
Previous Talks & Publications:
ShmooCon 2015
Simple Application Whitelisting Evasion
https://youtu.be/85M1Rw6mh4U
https://github.com/subTee/ShmooCon-2015
DerbyCon 2014
SSL MITM - PowerShell
https://www.youtube.com/watch?v=Mii0BTglOBM
OWASP 2013
How Malware Attacks Web Applications
https://www.youtube.com/watch?v=Mii0BTglOBM