I wrote Tuesday, March 21, 2017 8:09 PM: [ ...snip... ]
> Mitigation:
> ~~~~~~~~~~~
>
> Create an "AppCert.Dll" that exports CreateProcessNotify and
> set the following registry entry
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
> "AppCert.Dll"="<path>\AppCert.Dll"

[ ...snip... ]

If you can't create an "AppCert.Dll" from the code I depicted or don't know how to implement the function "forbidden()" yourself: just visit <https://skanthak.homepage.t-online.de/appcert.html>, read it and get the prebuilt DLLs plus their .INF setup script, packaged in a .CAB archive.

enjoy
Stefan Kanthak

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
