api0cradle / UltimateAppLockerByPassList

The goal of this repository is to document the most common techniques to bypass AppLocker.

some case did not list #1

Open wmliang opened 6 years ago

wmliang commented 6 years ago

Some cases from https://pentestlab.blog are not listed:

https://pentestlab.blog/2017/06/12/applocker-bypass-file-extensions/
https://pentestlab.blog/2017/06/06/applocker-bypass-assembly-load/
https://pentestlab.blog/2017/05/22/applocker-bypass-weak-path-rules/
https://pentestlab.blog/2017/07/07/applocker-bypass-createrestrictedtoken/

Does it mean they work against the non-default rules?

api0cradle commented 6 years ago

Hi. Sorry for the late reply. I literally just noticed this message. I will look into the bypasses. The Ultimate AppLocker bypass list is a work in progress project and there certainly are bypasses that are not listed yet. Thanks for pointing these ones out. 👍

api0cradle commented 6 years ago

https://pentestlab.blog/2017/06/12/applocker-bypass-file-extensions/ - I need to look into this further

https://pentestlab.blog/2017/06/06/applocker-bypass-assembly-load/ - Only works if Scripting rules are not applied.

https://pentestlab.blog/2017/05/22/applocker-bypass-weak-path-rules/ - Added this to the generic section.

https://pentestlab.blog/2017/07/07/applocker-bypass-createrestrictedtoken/ - Patch is in most operating systems so I consider this very unlikely.