Getting Started With AppLocker
John Strand // I have quite a few calls with customers who do not know where to begin when it comes to application whitelisting. Often, the approach some organizations take […]
whitelisting
Webcast: Implementing Sysmon and Applocker
Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_ImplementingSysmonAppLocker.pdf 5:03 Introduction, problem statement, and executive problem […]
Active Directory Best Practices to Frustrate Attackers: Webcast & Write-up
Kent Ickler & Jordan Drysdale // BHIS Webcast and Podcast This post accompanies BHIS’s webcast recorded on August 7, 2018, Active Directory Best Practices to Frustrate Attackers, which you can view below. […]
Digging Deeper into Vulnerable Windows Services
Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, […]
How to Evade Application Whitelisting Using REGSVR32
Joff Thyer // I was recently working on a Red Team for a customer that was very much up to date with their defenses. This customer had tight egress controls, […]
How to Bypass Application Whitelisting & AV
Brian Fehrman // There are numerous methods that have been published to bypass Anti-Virus products. As a result, many companies are beginning to realize that application whitelisting is another tool […]