
How to Bypass Windows AppLocker

Hello, today we will talk about AppLocker bypass techniques in a Windows environment: what AppLocker is, how it protects systems and, more importantly, how this security feature can be bypassed. Plenty of ground to cover in this article!

What is AppLocker?

AppLocker is an application whitelisting feature introduced by Microsoft starting with Windows Vista/Seven/2008 in order to restrict standard users to executing only specific applications on the system, e.g. "Alice can run explorer.exe; Bob, however, cannot!" If you conduct penetration tests, you will likely find AppLocker on very sensitive machines: industrial computers, ATMs, business workstations, etc.

How does it work?

To activate AppLocker on your testing machine, start the Application Identity service (Administrative Tools -> Services), then open the Group Policy Editor (gpedit.msc on a local machine or gpmc.msc on a domain controller). Browse to "Application Control Policies" under "Security Settings". Click on "Configure Ru
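The same lab setup done from an elevated PowerShell prompt instead of the Services and gpedit.msc GUI, as an added example that is not code from the original post. It assumes the built-in AppLocker module, a local (non-domain) policy, and uses C:\Users\Public\tool.exe as a placeholder for a user-writable location.

```powershell
# Added example: enable AppLocker on a lab machine and confirm the policy is
# really enforced before testing anything against it. Assumes an elevated
# PowerShell, the AppLocker module that ships with Windows, and a local policy.
Import-Module AppLocker

# 1. AppLocker rules are only enforced while the Application Identity
#    service (AppIDSvc) runs, so set it to start automatically and start it now.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# 2. A minimal EXE rule collection equivalent to the default rules: Everyone
#    (S-1-1-0) may run binaries under %WINDIR% and %PROGRAMFILES%, local
#    Administrators (S-1-5-32-544) may run anything, everything else is denied.
function New-PathRule($Name, $Sid, $Path) {
  "<FilePathRule Id=`"$([guid]::NewGuid())`" Name=`"$Name`" Description=`"`" UserOrGroupSid=`"$Sid`" Action=`"Allow`"><Conditions><FilePathCondition Path=`"$Path`"/></Conditions></FilePathRule>"
}
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    $(New-PathRule 'Allow Windows folder' 'S-1-1-0' '%WINDIR%\*')
    $(New-PathRule 'Allow Program Files' 'S-1-1-0' '%PROGRAMFILES%\*')
    $(New-PathRule 'Allow Administrators' 'S-1-5-32-544' '*')
  </RuleCollection>
</AppLockerPolicy>
"@
$policyPath = Join-Path $env:TEMP 'applocker-lab.xml'
$policyXml | Set-Content -Path $policyPath -Encoding UTF8

# 3. Apply it as the local AppLocker policy (add -Merge to keep existing rules).
Set-AppLockerPolicy -XmlPolicy $policyPath

# 4. Verify the decision a standard user would get. A copy of a Windows binary
#    placed in a user-writable folder (placeholder path) must come back Denied,
#    while the same binary under %WINDIR% is Allowed by the Windows folder rule.
$userExe = 'C:\Users\Public\tool.exe'
Copy-Item -Path "$env:WINDIR\System32\calc.exe" -Destination $userExe -Force
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone -Path @(
  "$env:WINDIR\System32\calc.exe",
  $userExe
) | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 5. Dump the effective (local plus domain) policy for review.
Get-AppLockerPolicy -Effective -Xml
```

Group Policy refresh (gpupdate /force) or a reboot may be needed before the new rules take effect on the running session.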