Matt Graeber: Windows Defender Application Control (WDAC) Updates in 20H2 and Building a Simple, Secure…
The goal is to highlight the WDAC improvements made since Windows 10 20H2 in the context of building and applying a simple but secure…
7 min read, Jan 4, 2021

Matt Graeber: Windows Defender Application Control (WDAC) Resources
Over the years, I have written and recorded a lot of material related to Windows Defender Application Control (previously, Device Guard)…
3 min read, Nov 5, 2020

Matt Graeber in Posts By SpecterOps Team Members: Security Descriptor Auditing Methodology: Investigating Event Log Security
Upon gaining access to a system, what level of access is granted to an attacker who has yet to elevate their privileges?
23 min read, Oct 10, 2019

Matt Graeber in Posts By SpecterOps Team Members: Antimalware Scan Interface Detection Optics Analysis Methodology
Identification and Analysis of AMSI for WMI
10 min read, Oct 4, 2019

Matt Graeber: Improving Infosec (or any Community/Industry) in One Simple but Mindful Step
Alternate title for the technical crowd: Discovering, performing root cause analysis of, and strategically mitigating vulnerabilities of…
9 min read, May 9, 2019

Matt Graeber in Posts By SpecterOps Team Members: Data Source Analysis and Dynamic Windows RE using WPP and TraceLogging
Whether analyzing a Windows binary or assessing new data sources for detection engineering purposes, using lesser known tracing mechanisms…
21 min read, Feb 22, 2019

Matt Graeber in Posts By SpecterOps Team Members: Subverting X509Certificate.Equals in .NET
While performing code reviews, I’ve encountered several instances now in .NET code where the Equals method in X509Certificate is used as a…
3 min read, Jan 16, 2019

Matt Graeber in Posts By SpecterOps Team Members: Abusing PowerShell Desired State Configuration for Lateral Movement
Lateral Movement Technique Description
5 min read, Nov 1, 2018

Matt Graeber in Posts By SpecterOps Team Members: Arbitrary, Unsigned Code Execution Vector in Microsoft.Workflow.Compiler.exe
Bypass Technique Description
10 min read, Aug 17, 2018

Matt Graeber in Posts By SpecterOps Team Members: Application Whitelisting Bypass and Arbitrary Unsigned Code Execution Technique in winrm.vbs
Bypass Technique Description
8 min read, Jul 12, 2018