by mac-chaffee
1002 days ago
Unfortunately, differentiating good behavior from malicious behavior is a central pillar of security, and the existence of this feature undermines that pillar.

* The fact that it's in a popular signed binary means it bypasses app allow-lists.
* The fact that it flows through Microsoft's servers bypasses firewall allow-lists.
* The fact that no stage2 is required bypasses antivirus scanning.

I say "unfortunately" because I personally think attempting to differentiate good behavior from malicious behavior is a losing battle. Design-based or resilience-based security controls are the way to go IMO: https://kellyshortridge.com/blog/posts/control-vs-resilience...