Presentations - Bypassing application whitelisting in critical infrastructures

  • Location: Security Theater
  • Speaker: René Freingruber
  • Date and time: 21. October 2016. 12:40 - 13:25

Application whitelisting is a concept which can be used to further harden critical systems such as server systems in SCADA environments or client systems with high security requirements like administrative workstations. It works by whitelisting all installed software on a system and after that prevent the execution of not whitelisted software. This should prevent the execution of malware and therefore protect against advanced persistent threat (APT) attacks. In this talk we discuss the general security of such a concept and what holes are still open for attackers. Moreover the security of the memory corruption protections will be discussed. At the end some product related design flaws and vulnerabilities will be presented.