1. Center for Internet Security (CIS). (2021). CIS Critical Security Controls v8.
Control 02: Inventory and Control of Software Assets, Safeguards 2.5 through 2.7 (Allowlist Authorized Software, Libraries, and Scripts), recommend application allowlisting (the term v8 uses for whitelisting) so that only explicitly authorized software, libraries, and scripts can execute.
Control 05: Account Management, Safeguard 5.4 (Restrict Administrator Privileges to Dedicated Administrator Accounts), and Control 06: Access Control Management, Safeguard 6.8 (Define and Maintain Role-Based Access Control), limit the privileges available to an attacker who compromises an ordinary user account or process, and so reduce the opportunities to leverage elevated privileges post-compromise.
2. National Institute of Standards and Technology (NIST). (2020). NIST Special Publication 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations.
Control AC-6 (Least Privilege) requires that only the accesses necessary for users, and for processes acting on their behalf, to accomplish their assigned tasks be authorized; enforcing this for every account and process is fundamental to limiting the damage malicious code can do once it runs (p. 61).
Control SI-7 (Software, Firmware, and Information Integrity), together with its enhancement SI-7(15) (Code Authentication), covers integrity verification of software and firmware and the use of cryptographic mechanisms such as code signatures to authenticate components before installation; allowlisting of executable software is addressed by the related enhancement CM-7(5) (Authorized Software: Allow-by-Exception) (p. 299).
3. Saltzer, J. H., & Schroeder, M. D. (1975). The Protection of Information in Computer Systems. Proceedings of the IEEE, 63(9), 1278-1308. https://doi.org/10.1109/PROC.1975.9939
This foundational paper establishes least privilege as one of the design principles for protection mechanisms (Section I.A.3, p. 1281): every program and every user of the system should operate using the least set of privileges necessary to complete the job. It directly supports the role of privilege management in limiting the damage an attacker can do after exploitation, since code running with only the rights it needs cannot reach what it was never granted.