Skip to content

The goal of this repository is to document the most common techniques to bypass AppLocker.

Notifications You must be signed in to change notification settings

api0cradle/UltimateAppLockerByPassList

Repository files navigation

Ultimate AppLocker ByPass List

The goal of this repository is to document the most common and known techniques to bypass AppLocker. Since AppLocker can be configured in different ways I maintain a verified list of bypasses (that works against the default AppLocker rules) and a list with possible bypass technique (depending on configuration) or claimed to be a bypass by someone. I also have a list of generic bypass techniques as well as a legacy list of methods to execute through DLLs.

INDEXED LISTS

YML

I have also created everything in YML format so it the data can be reused. The YML files can be found under the YML folder.

For details on how I verified and how to create the default rules you can check my blog: https://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/

BLOCK RULES

The rules can be found in the AppLocker-BlockPolicies folder.

Please contribute and do point out errors or resources I have forgotten.

Other tools

Remember to check out my Powershell module called PowerAL: https://github.com/api0cradle/PowerAL This can help you identify weaknesses

About

The goal of this repository is to document the most common techniques to bypass AppLocker.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published