[<prev] [next>] [day] [month] [year] [list]
Message-ID: <5694B4F1.9020407@sec-consult.com>
Date: Tue, 12 Jan 2016 09:10:25 +0100
From: SEC Consult Vulnerability Lab <research@...-consult.com>
To: <fulldisclosure@...lists.org>, <bugtraq@...urityfocus.com>
Subject: SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for
Critical Infrastructure Systems
SEC Consult Vulnerability Lab released a new whitepaper titled:
"Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems"
- the dinosaurs want their vuln back
Link to blog overview:
----------------------
Including slides from presentations on this topic (with details & demos on
vulnerabilites & vendor responses):
http://blog.sec-consult.com/2016/01/mcafee-application-control-dinosaurs.html
Direct link to whitepaper:
---------------------------
https://www.sec-consult.com/fxdata/seccons/prod/media/Whitepaper_Bypassing_McAfees_Application_Whitelisting_for_critical_infrastructure_systems_v1%200.pdf
Abstract:
---------
This paper describes the results of the research conducted by SEC Consult
Vulnerability Lab on the security of McAfee Application Control. This product is
an example of an application whitelisting solution which can be used to further
harden critical systems such as server systems in SCADA environments or client
systems with high security requirements like administrative workstations.
Application whitelisting is a concept which works by whitelisting all installed
software on a system and after that prevent the execution of not whitelisted
software. This should prevent the execution of malware and therefore protect
against advanced persistent threat (APT) attacks. McAfee Application Control is
an example of such a software. It can be installed on any system, however, the
main field of application is the protection of highly critical infrastructures.
While the core feature of the product is application whitelisting, it also
supports additional security features including write- and read-protection as
well as different memory corruption protections.
The paper will show:
* how application whitelisting can be bypassed in multiple ways
* how User-Account-Control can be bypassed on such protected systems
* how additional protections such as read- or write-protections can be
bypassed
* how additional memory corruption protections can easily be bypassed
* that the software can decrease the overall security of your operating
system
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Vulnerability Lab
SEC Consult
Berlin - Frankfurt/Main - Montreal - Moscow
Singapore - Vienna (HQ) - Vilnius - Zurich
About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the evaluation
of new offensive and defensive technologies for our customers. Hence our
customers obtain the most current information about vulnerabilities and valid
recommendation about the risk profile of new technologies.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interested to work with the experts of SEC Consult?
Send us your application https://www.sec-consult.com/en/Career.htm
Interested in improving your cyber security with the experts of SEC Consult?
Contact our local offices https://www.sec-consult.com/en/About/Contact.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult
Download attachment "smime.p7s" of type "application/pkcs7-signature" (3993 bytes)
Powered by blists - more mailing lists