https://github.com/tyranid/DeviceGuardBypasses

A repository of some of my Windows 10 Device Guard Bypasses
https://github.com/tyranid/DeviceGuardBypasses

Last synced: 11 months ago
JSON representation

A repository of some of my Windows 10 Device Guard Bypasses

Host: GitHub
URL: https://github.com/tyranid/DeviceGuardBypasses
Owner: tyranid
License: gpl-3.0
Created: 2017-07-22T17:09:24.000Z (over 8 years ago)
Default Branch: master
Last Pushed: 2017-08-03T21:22:11.000Z (over 8 years ago)
Last Synced: 2024-02-14T13:29:39.963Z (about 2 years ago)
Language: C#
Size: 38.1 KB
Stars: 133
Watchers: 12
Forks: 44
Open Issues: 0
Metadata Files:
- Readme: README
- License: LICENSE
- Authors: AUTHORS

Awesome Lists containing this project

yeyintminthuhtut-awesome-red-teaming - Window 10 Device Guard Bypass
Awesome-Red-Teaming - Window 10 Device Guard Bypass
awesome-csirt - DeviceGuardBypasses

README

Windows 10 Device Guard Bypasses
(c) 2017 James Forshaw

This solution contains some of my UMCI/Device Guard bypasses. They're
are designed to allow you to analyze a system, such as Windows 10 S
which comes pre-configured with a restrictive UMCI policy.

CreateAddInIpcData:

Tested on Windows 10 15063.483 with .NET 4.7.

This is an issue with the exposed .NET Remoting IPC channel in AddInProcess.exe
(and AddInProcess32.exe) on .NET v4+.

See my blog post (https://tyranidslair.blogspot.com/2017/07/dg-on-windows-10-s-executing-arbitrary.html)
for more information about how to use this bypass code.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/tyranid/DeviceGuardBypasses

Awesome Lists containing this project

README