Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/api0cradle/UltimateAppLockerByPassList

The goal of this repository is to document the most common techniques to bypass AppLocker.
https://github.com/api0cradle/UltimateAppLockerByPassList

applocker awl blueteam bypass purpleteam redteam rules

Last synced: about 1 month ago
JSON representation

The goal of this repository is to document the most common techniques to bypass AppLocker.

Awesome Lists containing this project

README 

        
# Ultimate AppLocker ByPass List

The goal of this repository is to document the most common and known techniques to bypass AppLocker. 

Since AppLocker can be configured in different ways I maintain a verified list of bypasses (that works against the default AppLocker rules) and a list with possible bypass technique (depending on configuration) or claimed to be a bypass by someone. 

I also have a list of generic bypass techniques as well as a legacy list of methods to execute through DLLs.

   

   

   

## INDEXED LISTS



* [Generic-AppLockerbypasses.md](Generic-AppLockerbypasses.md)

* [VerifiedAppLockerBypasses.md](VerifiedAppLockerBypasses.md)

* [UnverifiedAppLockerBypasses.md](UnverifiedAppLockerBypasses.md)

* [DLL-Execution.md](DLL-Execution.md)

   

   

   

## YML

I have also created everything in YML format so it the data can be reused.

The YML files can be found under the YML folder. 

      

     

     

For details on how I verified and how to create the default rules you can check my blog: 

https://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/  



## BLOCK RULES

The rules can be found in the AppLocker-BlockPolicies folder.

   

    

Please contribute and do point out errors or resources I have forgotten.



## Other tools

Remember to check out my Powershell module called PowerAL: https://github.com/api0cradle/PowerAL

This can help you identify weaknesses