Great Scott Marty, we went all the way back to 1995! The project is called Great SCT (Great Scott). GreatSCT is an open source project to generate application whitelist (AWL) bypasses. This tool is intended for BOTH red and blue team. Blue team can benefit by testing the publicly known application whitelisting bypass methods. We will review the most common application whitelisting bypass methods and how to utilize these methods with GreatSCT.
After completing this session, learner will:
- Understand application whitelisting and the efficacy of it
- Understand the importance of application whitelisting bypasses
- Be capable of testing the efficacy of their application whitelisting policy
Chris 'Lopi' Spehn (@ConsciousHacker) is a Consultant on Mandiant's red team. Chris was formerly a penetration tester for major credit card companies and retailers. Chris is also the founder of Illinois State University's first information security club, participated in CCDC for three years, and received first place in National Cyber League 2012.