app-control

5 posts tagged app-control.

AppLocker vs App Control for Business: Two Locks on the Same Door, and Why Windows Still Ships Both in 2026

May 31, 2026

Windows 11 24H2 ships two parallel application-control systems. One is operational hygiene; the other is the security boundary. The line between them is a single sentence in MSRC servicing criteria.
Living Off the Land on Windows: The LOLBin Catalog and the Structural Ceiling Microsoft Cannot Break

May 25, 2026

How a 1996 Authenticode design choice produced the LOLBin class, why the LOLBAS catalog has 207 binaries and Microsoft only blocks ~40, and why that gap is permanent.
The Driver That Was Signed and the Driver That Won't Load: Windows Kernel Code Integrity, 2006-2026

May 13, 2026

A history of Windows kernel code-signing -- KMCS, BYOVD, HVCI, the Vulnerable Driver Block List, and why a 2026 Windows kernel uses five gates to decide what loads.
WDAC + HVCI: Code Integrity at Every Layer in Windows

May 10, 2026

How Windows decides which code is allowed to run, end-to-end: WDAC policy schema, HVCI per-VTL SLAT enforcement, the audit-to-enforce loop, and the residual attack surface neither feature can close.
"Who Is This Code?" -- The Quiet 33-Year Reinvention of App Identity in Windows

May 7, 2026

NT 3.1 could prove which user typed at the keyboard but had no answer to which code was running. Eight successive primitives later, Windows is still answering the same question.