Grzegorz Tworek

Security researcher, 15x nominated as Microsoft Most Valuable Professional.
Second Generation IT Professional. Since the nineties, actively writing, blogging, and speaking about security, especially when it comes to Microsoft solutions. During his career, he built and managed different security teams, wrote dozens of tools, put some hackers in jail and got some others out of jail. Awarded the Microsoft Most Valuable Professional award multiple times.

 

16:15-17:00

21 May 2022 - 09:00 BSides Tirana 2022 - Schedule

Bypassing AppLocker protection by manipulating its cache

The built-in application whitelisting solution greatly improves the security of the Windows operating system. But are you aware that it relies on cached data to make its operations faster? Manipulation of the cache content may lead to a protection bypass. The session focuses on the mechanism, its bypasses and mitigations.