Testing Windows Hybrid Hardening (new hardening application).
<blockquote data-quote="ForgottenSeer 97327" data-source="post: 1057999"><p>@Andy Ful</p><p></p><p>Ah the old DLL Hijack case study again. :) With the very unrealistic scenario on how an ISO file is teleported on the PC and a fabricated LNK is used to execute CMD. Easy to prevent by blocking CMD as a lolbin or protecting LNK or blocking execution in archivers (e.g. with the excellent Hard_Configurator) or blocking file extensions from archivers (e.g. with the smart and problem free SimpleWindowsHardening). Quick fixes you certainly must recognize ;)</p><p></p><p>I am not going into the WHH discussion again, took me ages to get three YES out of you. For people not understanding where we were talking about the "your DLL hole is bigger than my DLL hole" must have been hilarious to read in the WHH thread. I think it is safe to say that Andy and I agree for 95% on the subjects we discuss, but we disagree passionately on the remaining 5%. ***</p><p></p><p>So I will stick to my advice: WDAC-ISG (with H_C in WSH mode blocking lolbins) is an excellent alternative to SAC for people who are unable to use SAC (e.g. Windows 10 or disabled SAC in Windows 11 after evaluation). I did not tell people to use WDAC-ISG instead of SAC. I literally posted that "WDAC-ISG is the slightly dumber but more controllable and configurable sibling of SAC".
When you run into problems with SAC, using the WDAC wizard you can make exceptions to make WDAC-ISG work where SAC does not have any options other than to turn it off.</p><p></p><p></p><p>Note ***</p><p>I think it is a pity you choose to combine SWH with WDAC in block mode in WHH, I had hoped you would have combined WDAC-ISG with H_C in SWH mode blocking LoLbins also. Kind of ironic that we disagree in thread A and in thread B, but in thread B you provide a case study which could have made us agree in thread A ;)</p></blockquote><p></p>