all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Created total BYOVD Kernel-level protection for Windows using Windows Defender Application Control and WDACConfig module

Add to bookmarks
July 10, 2023, 8:15 p.m. | /u/HotCakeXXXXXXXXXXXXX

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

This content can be used by both blue and purple teams.

This scenario involves removing the trust to any Kernel mode driver, whether they are vulnerable or not. **It does not affect User-mode binaries or drivers.**

Any 3rd party software or hardware Kernel mode driver needs to be explicitly allowed. This scenario protects against all BYOVD scenarios and much more.

Drivers can access the Kernel which is the core of the operating system. Microsoft requires all drivers to be digitally …

application application control blue blueteamsec byovd control defender driver drivers hardware kernel mode party protection purple scenario software teams trust vulnerable windows windows defender windows defender application control

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

CVE-2024-24919 Check Point 0-Day Remote Access VPN - or - aCSHELL/../../../../../../../ homepage/admin/.ssh/id_rsa * ssh admin@Host … 19 hours ago | www.reddit.com
blueteamsec
Australian court rules on appeal that Cyber Incident Response documents ARE NOT protected from legal … 22 hours ago | www.reddit.com
australian blueteamsec claim court +17
Snowflake Community: Detecting and Preventing Unauthorized User Access: Instructions 1 day, 13 hours ago | www.reddit.com
access blueteamsec community instructions +2
Linux rootkits explained – Part 1: Dynamic linker hijacking, Part 2: Loadable kernel modules 1 day, 13 hours ago | www.reddit.com
blueteamsec dynamic explained hijacking +5
NSA Releases Guidance on the Visibility and Analytics Pillar of Zero Trust 1 day, 14 hours ago | www.reddit.com
analytics blueteamsec guidance nsa +4
Exiled, then spied on: Civil society in Latvia, Lithuania, and Poland targeted with Pegasus spyware 2 days, 1 hour ago | www.reddit.com
blueteamsec civil civil society latvia +6
How malware authors play with the LNK file format 2 days, 13 hours ago | www.reddit.com
authors blueteamsec file lnk +3
The Pumpkin Eclipse 2 days, 16 hours ago | www.reddit.com
blueteamsec eclipse pumpkin
The Best Way to Start with AWS Security Hub 2 days, 16 hours ago | www.reddit.com
aws aws security hub blueteamsec hub +3

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com