WDACConfig module - BYOVD update
This update to the WDACConfig module includes the BYOVD attack vector protection that I talked about previously on Twitter.
YOUTUBE VIDEO: How to easily protect against BYOVD attack scenarios with WDAC policy in Windows
Changes in v0.1.9:
- Improved New-WDACConfig -MakePolicyFromAuditLogs by accounting for situations where the Event Viewer logs don't contain any files that are no longer on the disk, even though the user chooses to include them.
- Added new functionality and a new cmdlet, New-KernelModeWDACConfig, capable of providing complete protection against all BYOVD (Bring Your Own Vulnerable Driver) scenarios.
- Improved the Set-CommonWDACConfig argument completers by showing a file picker GUI when selecting certificates or browsing for a custom SignTool.exe path.
