How to Bypass Windows AppLocker

Alban Cenaj
1 min read · Jun 8, 2021


AppLocker is a technology first introduced with Microsoft's Windows 7 operating system. Through AppLocker we can restrict which programs users can execute, based on the file hash, the program's path or its publisher. AppLocker can be configured via GPO.

Group Policy Object (GPO) — Through GPO, it is possible to configure and manage applications, operating system settings and user settings centrally in Active Directory.

AppLocker's default rules allow all files inside the Windows folder and the Program Files folder to be executed; without these rules the system would not work normally.

AppLocker rule types

  • Publisher
    To use a publisher condition, files must be digitally signed by the software publisher. This rule type does not allow users to run programs that are not digitally signed.
  • Path
    The path condition identifies an application by its location in the computer's file system. This condition prevents or allows the execution of applications based on their folder path.
  • File Hash
    File hash rules are the most recommended because they allow us to create a rule for different combinations of publisher, product name, file name and version.
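The rule types and default rules described above can be audited directly from the policy XML. The script below is an added example, not code from the original post: it summarises, per rule collection, the enforcement mode and how many publisher, path and hash rules are present, lists every path rule that allows execution (flagging a bare "*" granted to Everyone), and finally asks AppLocker how the policy would treat a specific file for a specific user. It uses the built-in AppLocker PowerShell module (Get-AppLockerPolicy, Test-AppLockerPolicy). The policy XML is a constructed sample that mirrors the shape of the default rules; its rule Ids and names are placeholders, not the real default-rule values.

```powershell
# Added example (not from the original post): audit an AppLocker policy's rule
# types and allowed paths, then test a file against it.
# Assumes the AppLocker module shipped with Windows 7 / Server 2008 R2 and later.

# Constructed sample policy in the real AppLocker XML schema. Rule Ids are
# placeholders; the three rules mimic the default Exe rules (Program Files,
# Windows folder, and "All files" for the local Administrators group).
$SamplePolicyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Sample: Program Files folder"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="00000000-0000-0000-0000-000000000002" Name="Sample: Windows folder"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="00000000-0000-0000-0000-000000000003" Name="Sample: All files (Administrators)"
                  Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="AuditOnly" />
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
'@

function Get-AppLockerRuleSummary {
    # One row per rule collection: its enforcement mode and the number of
    # publisher, path and hash rules it contains.
    param([Parameter(Mandatory)][xml]$Policy)
    foreach ($collection in $Policy.AppLockerPolicy.RuleCollection) {
        $rules = @($collection.ChildNodes | Where-Object { $_.NodeType -eq 'Element' })
        [pscustomobject]@{
            Collection      = $collection.Type
            EnforcementMode = $collection.EnforcementMode
            PublisherRules  = @($rules | Where-Object LocalName -eq 'FilePublisherRule').Count
            PathRules       = @($rules | Where-Object LocalName -eq 'FilePathRule').Count
            HashRules       = @($rules | Where-Object LocalName -eq 'FileHashRule').Count
        }
    }
}

function Get-AppLockerAllowedPaths {
    # Every path rule with Action="Allow": the path it opens and the SID it
    # applies to. A path of "*" for Everyone (S-1-1-0) would allow anything
    # to run, so it is flagged as Broad.
    param([Parameter(Mandatory)][xml]$Policy)
    foreach ($rule in $Policy.SelectNodes('//FilePathRule[@Action="Allow"]')) {
        $path = $rule.Conditions.FilePathCondition.Path
        $sid  = $rule.GetAttribute('UserOrGroupSid')
        [pscustomobject]@{
            Collection = $rule.ParentNode.GetAttribute('Type')
            Rule       = $rule.GetAttribute('Name')   # GetAttribute avoids the XmlElement.Name property
            Path       = $path
            AppliesTo  = $sid
            Broad      = ($path -eq '*' -and $sid -eq 'S-1-1-0')
        }
    }
}

$policy = [xml]$SamplePolicyXml
# On a live host, audit the effective (merged local + domain) policy instead:
#   $policy = [xml](Get-AppLockerPolicy -Effective -Xml)
Get-AppLockerRuleSummary -Policy $policy | Format-Table -AutoSize
Get-AppLockerAllowedPaths -Policy $policy | Format-Table -AutoSize

# Ask AppLocker how this policy would treat one file for one user.
# Test-AppLockerPolicy reads the policy from a file, so write the sample out first.
$policyFile = Join-Path $env:TEMP 'sample-applocker-policy.xml'
Set-Content -Path $policyFile -Value $SamplePolicyXml
Test-AppLockerPolicy -XmlPolicy $policyFile -Path "$env:WINDIR\System32\notepad.exe" -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule
```

Run it in an elevated PowerShell session on a Windows host with the AppLocker module available. Against the sample policy, notepad.exe under the Windows folder is reported as allowed by the "Sample: Windows folder" path rule; swapping in Get-AppLockerPolicy -Effective shows the same breakdown for the policy that is actually applied to the machine, which is the quickest way to see whether a deployment leans on path rules alone or also uses publisher and hash rules.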

From what you have read above, we can conclude that using AppLocker will greatly increase security.

However, there are still many ways to bypass AppLocker, and I have explained one of them step by step in a video.

The proof of concept can be found below.
