Closed jpginc closed 6 years ago
updating just the yaml file now :-)
I setup default applocker rules and verified that an xbap run from the file system (or any UNC path) can execute arbitrary c# code. I've added a link to a blog post with the steps to reproduce.
You can reproduce the bypass by cloning https://github.com/jpginc/xbapAppWhitelistBypassPOC and running the xbap in the /powershell/bin/Debug/ folder
updating just the yaml file now :-)
I setup default applocker rules and verified that an xbap run from the file system (or any UNC path) can execute arbitrary c# code. I've added a link to a blog post with the steps to reproduce.
You can reproduce the bypass by cloning https://github.com/jpginc/xbapAppWhitelistBypassPOC and running the xbap in the /powershell/bin/Debug/ folder