Kim & Tom
Admin
Wdac Enthousiasts
Join date: Oct 16, 2023
Posts (13)
Jun 11, 2026 ∙ 2 min
How a 25,000-seat financial organization reached 80% enforcement in six months
The video above is an unscripted conversation with the infrastructure lead and engineer, recorded after the project crossed 90% enforcement. A lot of application allowlisting projects don’t realize their full potential. The organization starts with good intentions, hits something that causes business impact, loses the trust of the business, and quietly walks it back. Sometimes they postpone the rollout, sometimes they just drop it entirely. This company didn't do that. They're a 25,000-seat...
Apr 2, 2026 ∙ 5 min
Signed, Trusted, Abused: Making Sense of WDAC's Recommended Block Rules
Microsoft's Recommended Block Rules and the LOLBin Problem in WDAC
Windows Defender Application Control (WDAC) is one of the stronger application control technologies available on Windows. When properly configured, it significantly narrows the attack surface available to an adversary who has landed on a system. But "properly configured" is doing a lot of work in that sentence — and understanding why requires looking at a trust assumption that sits at the very core of how WDAC works by...
Mar 18, 2026 ∙ 5 min
The Intelligent Security Graph — Unexpected consequences (Part 2)
In Part 1 of this series, we explored a fundamental question: just because an application is reputable, does that mean it belongs in your organization? We introduced the Intelligent Security Graph (ISG) and examined whether enabling it is the right call for your environment. In this second and final part, we shift focus to a technical challenge that the ISG introduces — one that is documented by Microsoft, but easy to misread and even easier to underestimate.
A Warning Worth Reading Twice...