By Design
Software Restriction Policies and AppLocker can be configured to whitelist DLLs. But LoadLibraryEx has a feature (LOAD_IGNORE_CODE_AUTHZ_LEVEL) to circumvent SRP and AppLocker - Didier Stevens
Create a New Process by Design
There’s an interesting comment on my “Circumventing SRP and AppLocker, By Design” post.
In my previous post, I showed a feature to circumvent SRP and AppLocker validation when a DLL is loaded.
The anonymous commenter points out a feature to create a new process while circumventing SRP and AppLocker.
Flag SANDBOX_INERT in function CreateRestrictedToken - Didier Stevens
Who controls the past controls the future
Who controls the present controls the past