Do you trust Microsoft Windows?
Matt Graeber is very keen on the concept of trust: what it means for people, and how the assumptions that trust rests on can be undermined. In this article, he pursues the goal of highlighting how trust decisions are made in Microsoft Windows.
Beyond just the validation of the source and integrity of signed code, code signing and trust validation are also critical malware classification components for many security products (e.g. anti-virus and EDR solutions). Proper trust validation also serves as an enforcement component of most application whitelisting solutions (AppLocker, Device Guard, etc.). Subverting the trust architecture of Windows, in many cases, is also likely to subvert the efficacy of security products.
Matt has established himself by demonstrating how intruders can abuse trusted software and technology. As a former malware developer, Matt saw how successful attackers are at executing code that the business does not trust. Thus, despite regularly finding bypasses, Matt is a zealous advocate of application whitelisting as a means of preventing most attacks (both opportunistic and targeted), allowing defenders to focus their attention on the more capable adversaries who manage to slip through the cracks. More details are given in this article.