Windows 10 - Endpoint Security Improvements and the Implant since Windows 2000
Windows 10 and Server 2016 immediately provide defensive technologies that can be used to secure the endpoints within your domain. Both operating systems allow administrators granular control over how to best administer and defend their network, and in the opinion of the speakers, one of the best new defensive technologies provided by these operating systems is Device Guard.
Device Guard is Microsoft’s latest defensive addition that allows administrators to defend their domain against malware. Device Guard is designed to work together with AppLocker and enables administrators to customize how and if applications are allowed to run on endpoints within their domain. This can be based on File Name, Hash, PCACertificate, or more. We will talk about Device Guard, how it is used, demo deploying device guard, and create a couple sample deployment configurations. We want attendees to be able to walk away from this part of our talk and have an idea how they can immediately improve their defenses.
This talk also wouldn’t be complete without looking at these same technologies from an attacker’s perspective! We’ve been analyzing Device Guard configurations and how we expect them to be deployed in the field, and have worked to develop a tool that can not only help attackers in today’s Windows 7 environment, but in the future’s Server 2016 and Windows 10 domains. Developing a multifaceted tool in PowerShell was critical because we wanted maximum functionality, flexibility, and impact. This talk will conclude with the release of our tool.