some case did not list

[wmliang]

some case from https://pentestlab.blog did not list

https://pentestlab.blog/2017/06/12/applocker-bypass-file-extensions/
https://pentestlab.blog/2017/06/06/applocker-bypass-assembly-load/
https://pentestlab.blog/2017/05/22/applocker-bypass-weak-path-rules/
https://pentestlab.blog/2017/07/07/applocker-bypass-createrestrictedtoken/

does it mean they work against the non-default rules ?

[api0cradle]

Hi. Sorry for the late reply. I literally just noticed this message. I will look into the bypasses. The Ultimate AppLocker bypass list is a work in progress project and there certainly are bypasses that are not listet yet. Thanks for pointing these ones out. 👍

[api0cradle]

https://pentestlab.blog/2017/06/12/applocker-bypass-file-extensions/ - I need to look into this further

https://pentestlab.blog/2017/06/06/applocker-bypass-assembly-load/ - Only works if Scripting rules are not applied.
https://pentestlab.blog/2017/05/22/applocker-bypass-weak-path-rules/ - Added this to the generic section
https://pentestlab.blog/2017/07/07/applocker-bypass-createrestrictedtoken/ - Patch is in most operating systems so I consider this very unlikely.