UltimateAppLockerByPassList

Some cases are not listed

Open wmliang opened this issue 7 years ago • 2 comments

Some cases from https://pentestlab.blog are not listed:

https://pentestlab.blog/2017/06/12/applocker-bypass-file-extensions/
https://pentestlab.blog/2017/06/06/applocker-bypass-assembly-load/
https://pentestlab.blog/2017/05/22/applocker-bypass-weak-path-rules/
https://pentestlab.blog/2017/07/07/applocker-bypass-createrestrictedtoken/

Does it mean they work against the non-default rules?

wmliang, Feb 05 '18 08:02

Hi. Sorry for the late reply. I literally just noticed this message. I will look into the bypasses. The Ultimate AppLocker bypass list is a work-in-progress project and there certainly are bypasses that are not listed yet. Thanks for pointing these ones out. 👍

api0cradle, Mar 06 '18 17:03

https://pentestlab.blog/2017/06/12/applocker-bypass-file-extensions/ - I need to look into this further
https://pentestlab.blog/2017/06/06/applocker-bypass-assembly-load/ - Only works if Scripting rules are not applied.
https://pentestlab.blog/2017/05/22/applocker-bypass-weak-path-rules/ - Added this to the generic section
https://pentestlab.blog/2017/07/07/applocker-bypass-createrestrictedtoken/ - Patch is in most operating systems so I consider this very unlikely.

api0cradle, Oct 26 '18 11:10