About Show #627
Whitelisting is a good idea - but not easy to make happen! Richard talks to Aaron Margosis about his work making it easier to use AppLocker to implement whitelisting on Windows: a set of scripts and tools that Chris Jackson named AaronLocker. Aaron talks about implementing the whitelisting strategies outlined in the NSA whitepaper on the subject, making it easier to maintain the whitelist when apps need to be updated. Admins can choose how locked down to make a machine, providing flexibility around updates while still blocking the primary malware vectors - check it out!
Aaron Margosis is a Windows nerd, focusing primarily on cybersecurity. A frequent presenter, he is co-author with Mark Russinovich of Troubleshooting with the Windows Sysinternals Tools (MS Press, 2016), co-author of Microsoft's "Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques," and a primary member of the team that builds Microsoft's security configuration guidance. He has published a number of useful tools over the years, including MakeMeAdmin, LUA Buglight, IE Zone Analyzer, LGPO (Local Group Policy Object utility) and Policy Analyzer. Aaron joined Microsoft Services in 1999, where he works with security-conscious customers.