Description
App Control is the latest Microsoft solution for determining which applications are allowed to run on Windows 11. To increase security, policies can be signed, which should prevent even administrators from changing them.
One day, Microsoft introduced Managed Installer to simplify installation and updating of App Control rules. Guess what: it allows any signed App Control policy to be bypassed completely.
During this talk we will explain the basic idea behind App Control, then explain and demonstrate an attack in which the Managed Installer rule is abused by an attacker with administrative privileges to bypass any App Control policy. The attack is automated using PowerShell, which sets up the necessary AppLocker ruleset and defines PowerShell as a Managed Installer, allowing an attacker to download and execute arbitrary software.
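For defenders, the setup described above leaves a visible trace: a `ManagedInstaller` rule collection in the AppLocker policy that names something other than the organisation's deployment tooling. The PowerShell below is an added example, not code from the talk; the function name, the `$ExpectedBinaries` allowlist and the sample policy are constructed assumptions.

```powershell
# Constructed sample policy (not from a real system): one expected deployment
# agent and one rule that names PowerShell as a Managed Installer.
$samplePolicy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
    <FilePublisherRule Id="11111111-1111-1111-1111-111111111111" Name="Deployment agent" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="CCMEXEC.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <FilePublisherRule Id="22222222-2222-2222-2222-222222222222" Name="Shell as installer" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="POWERSHELL.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
'@

# Hypothetical helper: list every Managed Installer rule and flag targets that
# are not on the allowlist. The default allowlist is an assumption; replace it.
function Find-ManagedInstallerRule {
    param(
        [Parameter(Mandatory)] [xml] $Policy,
        [string[]] $ExpectedBinaries = @('CCMEXEC.EXE', 'CCMSETUP.EXE')
    )
    foreach ($collection in $Policy.SelectNodes("/AppLockerPolicy/RuleCollection[@Type='ManagedInstaller']")) {
        foreach ($rule in $collection.SelectNodes('FilePublisherRule | FilePathRule | FileHashRule')) {
            $pub  = $rule.SelectSingleNode('Conditions/FilePublisherCondition')
            $path = $rule.SelectSingleNode('Conditions/FilePathCondition')
            $target = if ($pub) { $pub.GetAttribute('BinaryName') }
                      elseif ($path) { $path.GetAttribute('Path') }
                      else { '(file hash rule)' }
            [pscustomobject]@{
                RuleName   = $rule.GetAttribute('Name')   # attribute, not the element name
                RuleType   = $rule.LocalName
                Target     = $target
                Mode       = $collection.GetAttribute('EnforcementMode')
                Unexpected = $ExpectedBinaries -notcontains $target   # case-insensitive
            }
        }
    }
}

# On a live host, pass the output of: Get-AppLockerPolicy -Effective -Xml
Find-ManagedInstallerRule -Policy $samplePolicy | Where-Object Unexpected
```

Path and hash rules are always reported as unexpected unless their exact target string is added to the allowlist, which is the conservative default for a collection that should contain only a handful of known entries.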
Speaker / convener biography
With over a decade of experience in the field, Christian Biehler is a seasoned IT security expert who combines the perspectives of a hacker, penetration tester, consultant, and trainer. His technical focus lies in securing Windows infrastructures and the Microsoft Cloud stack, including Entra ID, Azure, and M365.
Christian holds a Master’s degree in IT Security and the CISSP certification. He has successfully delivered over 300 projects across diverse sectors, establishing deep expertise in security architecture, risk management, and penetration testing for web, mobile, and operating systems.
Since 2019, Christian has been the Managing Director of bi-sec GmbH, leading a firm dedicated to expert consulting, rigorous penetration testing, and specialized security training.
| Length | 45 minutes |
|---|---|