Just as I suspected all along, it was SAC that was responsible for enforcing a policy, essentially "masquerading" as a WDAC policy.
All better with the flip of a switch.
7 hours ago, Microsoft's Jim Kennedy (@TonikJDK) announced on X that `bypassnro` is done.
There are a lot of folks with pitchforks replying in that thread...
Knowing that the victim would eventually have access to the emails stored in the "Conversations" folder, it would seem that the attacker had an interest in viewing those emails before the victim...
If the attacker was able to make a rule, he obviously had access to the victim's email.
I'm assuming that in the victim's environment, copies of all received emails remain on the server, which means that the attacker had access to those.
Ugh.
This is absolutely true if he was doing more than passively sniffing. If he was in the position to manipulate the responses, he could send the victim to anywhere of his liking.
Browser plugins can be extremely dangerous. They have access to all browser windows / tabs which normally segregate domains from accessing each other's data / cookies.
A typical scenario looks like this:
Benign browser plugin gains popularity because it's useful to a large user base.
Entity...
The only information that an attacker can glean from your unencrypted DNS is the domain that is looked up and the IP address that domain resolves to and a timestamp.
They wouldn't see any of your HTTP requests or responses.
If the victim has any browser plugins, I would scrutinize those...
Thanks for that!
From the article:
"There may come a time when you want to remove one or more App Control policies, or remove all App Control policies you've deployed. This article describes the various ways to remove App Control policies."
and:
"Signed Base App Control policy
If the base...
You're coming at this wrong.
You would be much better off working to modify your internet "hygiene", i.e. how you conduct yourself when dealing with the day-to-day links, emails etc.
The first line of defense has to be you - 9 times out of 10 devices become compromised due to an action their...
My box leaks like a sieve.
I can hear CPU / GPU "chatter" when I sit at my desk playing an electric guitar with single-coil pickups into a slightly gained-up amplifier.
It's fun to try to correlate different actions with the emitted sounds.
Hi,
This is my very first post - there are many like it but this one is mine.
Like what's been alluded to in the title, why is it that despite setting Group Policy under: Administrative Templates --> System --> Device Guard - `Deploy Windows Defender Application Control` to `Disabled`...