applocker

Posts with tag applocker

AppLocker cannot stop administrative users

How to break Windows 10 AppLocker

Recently I followed the tracks of an attacker who had exploited administrator rights on an unpatched Windows 10 System. Further attacks on other internal systems were initially stopped by Windows 10 AppLocker. The execution of powershell/cmd where also forbidden by AppLocker. Minutes later, the hacker had overcome this security measure and continued his attack. AppLocker obviously had to have a vulnerability.