Closed jpginc closed 5 years ago
I set up default AppLocker rules and verified that an XBAP run from the file system (or any UNC path) can execute arbitrary C# code. I've added a link to a blog post with the steps to reproduce.
You can reproduce the bypass by cloning https://github.com/jpginc/xbapAppWhitelistBypassPOC and running the XBAP in the /powershell/bin/Debug/ folder.
Awesome stuff! Will add it to the repo. I use the YAML files as the base for this, so I need to change those.
Oh I see, so I'll submit another pull request where I just modify the presentationhost.exe YAML file.