{"id":13624050,"url":"https://github.com/api0cradle/UltimateAppLockerByPassList","last_synced_at":"2025-04-15T20:33:05.005Z","repository":{"id":41117511,"uuid":"96935123","full_name":"api0cradle/UltimateAppLockerByPassList","owner":"api0cradle","description":"The goal of this repository is to document the most common techniques to bypass AppLocker. ","archived":false,"fork":false,"pushed_at":"2023-09-11T20:43:25.000Z","size":695,"stargazers_count":1965,"open_issues_count":10,"forks_count":360,"subscribers_count":117,"default_branch":"master","last_synced_at":"2025-04-15T03:53:33.167Z","etag":null,"topics":["applocker","awl","blueteam","bypass","purpleteam","redteam","rules"],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/api0cradle.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-07-11T20:36:42.000Z","updated_at":"2025-04-09T22:27:22.000Z","dependencies_parsed_at":"2024-01-13T09:46:46.479Z","dependency_job_id":null,"html_url":"https://github.com/api0cradle/UltimateAppLockerByPassList","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/api0cradle%2FUltimateAppLockerByPassList","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/api0cradle%2FUltimateAppLockerByPassList/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/api0cradle%2FUltimateAppLockerByPassList/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/api0cradle%2FUltimateAppLockerByPassList/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/api0cradle","download_url":"https://codeload.github.com/api0cradle/UltimateAppLockerByPassList/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249003955,"owners_count":21196794,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["applocker","awl","blueteam","bypass","purpleteam","redteam","rules"],"created_at":"2024-08-01T21:01:38.217Z","updated_at":"2025-04-15T20:33:04.978Z","avatar_url":"https://github.com/api0cradle.png","language":"PowerShell","readme":"# Ultimate AppLocker ByPass List\nThe goal of this repository is to document the most common and known techniques to bypass AppLocker. \nSince AppLocker can be configured in different ways I maintain a verified list of bypasses (that works against the default AppLocker rules) and a list with possible bypass technique (depending on configuration) or claimed to be a bypass by someone. \nI also have a list of generic bypass techniques as well as a legacy list of methods to execute through DLLs.\n   \n   \n   \n## INDEXED LISTS\n\n* [Generic-AppLockerbypasses.md](Generic-AppLockerbypasses.md)\n* [VerifiedAppLockerBypasses.md](VerifiedAppLockerBypasses.md)\n* [UnverifiedAppLockerBypasses.md](UnverifiedAppLockerBypasses.md)\n* [DLL-Execution.md](DLL-Execution.md)\n   \n   \n   \n## YML\nI have also created everything in YML format so it the data can be reused.\nThe YML files can be found under the YML folder. \n      \n     \n     \nFor details on how I verified and how to create the default rules you can check my blog: \nhttps://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/  \n\n## BLOCK RULES\nThe rules can be found in the AppLocker-BlockPolicies folder.\n   \n    \nPlease contribute and do point out errors or resources I have forgotten.\n\n\n## Other tools\nRemember to check out my Powershell module called PowerAL: https://github.com/api0cradle/PowerAL\nThis can help you identify weaknesses\n\n","funding_links":[],"categories":["[↑](#table-of-contents) Defense Evasion","PowerShell","PowerShell (153)","Defense Evasion"],"sub_categories":["Escalation","AppLocker \u0026 Application Whitelisting"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapi0cradle%2FUltimateAppLockerByPassList","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapi0cradle%2FUltimateAppLockerByPassList","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapi0cradle%2FUltimateAppLockerByPassList/lists"}