lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <5694B4F1.9020407@sec-consult.com>
Date: Tue, 12 Jan 2016 09:10:25 +0100
From: SEC Consult Vulnerability Lab <research@...-consult.com>
To: <fulldisclosure@...lists.org>, <bugtraq@...urityfocus.com>
Subject: SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for
 Critical Infrastructure Systems

SEC Consult Vulnerability Lab released a new whitepaper titled:

"Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems"
- the dinosaurs want their vuln back

Link to blog overview:
----------------------
Including slides from presentations on this topic (with details & demos on
vulnerabilites & vendor responses):

http://blog.sec-consult.com/2016/01/mcafee-application-control-dinosaurs.html


Direct link to whitepaper:
---------------------------
https://www.sec-consult.com/fxdata/seccons/prod/media/Whitepaper_Bypassing_McAfees_Application_Whitelisting_for_critical_infrastructure_systems_v1%200.pdf


Abstract:
---------
This paper describes the results of the research conducted by SEC Consult
Vulnerability Lab on the security of McAfee Application Control. This product is
an example of an application whitelisting solution which can be used to further
harden critical systems such as server systems in SCADA environments or client
systems with high security requirements like administrative workstations.
Application whitelisting is a concept which works by whitelisting all installed
software on a system and after that prevent the execution of not whitelisted
software. This should prevent the execution of malware and therefore protect
against advanced persistent threat (APT) attacks. McAfee Application Control is
an example of such a software. It can be installed on any system, however, the
main field of application is the protection of highly critical infrastructures.
While the core feature of the product is application whitelisting, it also
supports additional security features including write- and read-protection as
well as different memory corruption protections.

The paper will show:

  *  how application whitelisting can be bypassed in multiple ways
  *  how User-Account-Control can be bypassed on such protected systems
  *  how additional protections such as read- or write-protections can be
     bypassed
  *  how additional memory corruption protections can easily be bypassed
  *  that the software can decrease the overall security of your operating
     system


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Vulnerability Lab

SEC Consult
Berlin - Frankfurt/Main - Montreal - Moscow
Singapore - Vienna (HQ) - Vilnius - Zurich

About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the evaluation
of new offensive and defensive technologies for our customers. Hence our
customers obtain the most current information about vulnerabilities and valid
recommendation about the risk profile of new technologies.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interested to work with the experts of SEC Consult?
Send us your application https://www.sec-consult.com/en/Career.htm
Interested in improving your cyber security with the experts of SEC Consult?
Contact our local offices https://www.sec-consult.com/en/About/Contact.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult


Download attachment "smime.p7s" of type "application/pkcs7-signature" (3993 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ