HackDig : Dig high-quality web security articles for hacker

SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems

2016-01-12 04:55
SEC Consult Vulnerability Lab released a new whitepaper titled:

"Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems"
- the dinosaurs want their vuln back

Link to blog overview:
Including slides from presentations on this topic (with details & demos on
vulnerabilites & vendor responses):


Direct link to whitepaper:

This paper describes the results of the research conducted by SEC Consult
Vulnerability Lab on the security of McAfee Application Control. This product is
an example of an application whitelisting solution which can be used to further
harden critical systems such as server systems in SCADA environments or client
systems with high security requirements like administrative workstations.
Application whitelisting is a concept which works by whitelisting all installed
software on a system and after that prevent the execution of not whitelisted
software. This should prevent the execution of malware and therefore protect
against advanced persistent threat (APT) attacks. McAfee Application Control is
an example of such a software. It can be installed on any system, however, the
main field of application is the protection of highly critical infrastructures.
While the core feature of the product is application whitelisting, it also
supports additional security features including write- and read-protection as
well as different memory corruption protections.

The paper will show:

* how application whitelisting can be bypassed in multiple ways
* how User-Account-Control can be bypassed on such protected systems
* how additional protections such as read- or write-protections can be
* how additional memory corruption protections can easily be bypassed
* that the software can decrease the overall security of your operating

SEC Consult Vulnerability Lab

SEC Consult
Berlin - Frankfurt/Main - Montreal - Moscow
Singapore - Vienna (HQ) - Vilnius - Zurich

About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the evaluation
of new offensive and defensive technologies for our customers. Hence our
customers obtain the most current information about vulnerabilities and valid
recommendation about the risk profile of new technologies.
Interested to work with the experts of SEC Consult?
Send us your application https://www.sec-consult.com/en/Career.htm
Interested in improving your cyber security with the experts of SEC Consult?
Contact our local offices https://www.sec-consult.com/en/About/Contact.htm
Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult

Description: S/MIME Cryptographic Signature

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

Source: 93/naJ/6102/erusolcsidlluf/gro.stsilces

Read:1960 | Comments:0 | Tags:No Tag

“SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud