Device Guard and PcaCertificate, part 2
2018-04-24 11:37 | Lasse Trolle Borup
Application whitelisting is a strong control. Implemented correctly, it will stop unskilled attackers before they get a foothold in the network, and it will slow down skilled attackers or trigger detection of them.
In this post we show how a vulnerable signed executable can be used to bypass improperly implemented Device Guard policies and bootstrap the loading of unsigned executables.