wdac
6 posts tagged wdac.
-
AppLocker vs App Control for Business: Two Locks on the Same Door, and Why Windows Still Ships Both in 2026
Windows 11 24H2 ships two parallel application-control systems. One is operational hygiene; the other is the security boundary. The line between them is a single sentence in MSRC servicing criteria.
-
Living Off the Land on Windows: The LOLBin Catalog and the Structural Ceiling Microsoft Cannot Break
How a 1996 Authenticode design choice produced the LOLBin class, why the LOLBAS catalog has 207 binaries and Microsoft only blocks ~40, and why that gap is permanent.
-
Two Routes to Code Integrity: Linux IMA + AppArmor vs Windows WDAC + AMSI
Linux and Windows answer one question -- "is this code allowed to run?" -- with very different machinery. Where the verifier lives matters more than how strong it is.
-
Mark of the Web, SmartScreen, and the Catalog of Trust: How Windows Decides Whether to Warn You
How Windows stacks three trust layers -- origin, reputation, and signed catalog -- and why the 2022-2024 SmartScreen bypass arc was always a propagation bug, never a cryptography bug.
-
Authenticode and Catalog Files: The Crypto Foundation Under WDAC
Every Windows trust decision -- UAC, SmartScreen, WDAC, kernel-driver loading -- bottoms out on the same PKCS#7 SignedData envelope shipped in IE 3 in August 1996. Here is the byte-level reason.
-
WDAC + HVCI: Code Integrity at Every Layer in Windows
How Windows decides which code is allowed to run, end-to-end: WDAC policy schema, HVCI per-VTL SLAT enforcement, the audit-to-enforce loop, and the residual attack surface neither feature can close.