Oddvar Moe

Results 16 comments of Oddvar Moe

Blog post https://www.trustedsec.com/blog/diving-into-pre-created-computer-accounts/

`1. Is the AllExtendedRights ACE only abusable if "Assign this computer account as a pre-Windows 2000 computer" is set to true?` The group/user you choose when creating a computer account...

I will try to get that fixed and make a new PR

Hi. Sorry for the late reply. I literally just noticed this message. I will look into the bypasses. The Ultimate AppLocker bypass list is a work in progress project and...

- https://pentestlab.blog/2017/06/12/applocker-bypass-file-extensions/ - I need to look into this further
- https://pentestlab.blog/2017/06/06/applocker-bypass-assembly-load/ - Only works if Scripting rules are not applied.
- https://pentestlab.blog/2017/05/22/applocker-bypass-weak-path-rules/ - Added this to the generic section
- https://pentestlab.blog/2017/07/07/applocker-bypass-createrestrictedtoken/ - Patch...

Thanks for the info. Note that blocking rundll32 is not supported and it is kinda expected that it will break something.

I have added it, but I do not recommend the blocking rules to be used actively in production without proper testing since it might actually break stuff. The most scary...

This has been added with the new template, but someone needs to do a quality round to verify

Signed executing signed? Signed executing unsigned? @mattifestation's tweet has some good stuff.