# Applocker

* Ruleset/policy for files and directories
* Config file is `secpol.msc` 
* Sysadmins may create rules and push them to devices on the network.

## Categories
* `Executable Rules`, Determines what executables and applications can be run from specified directories.
* `Windows Installer Rules`, Determines what Installers can be run
* `Script Rules`, Determines what and where scripts can be run
* `Packaged app Rules`, Determines what pre-packaged Windows applications can be run

## Bypass
* Check for executable paths at [HackLikeAPornStar's repo](https://github.com/HackLikeAPornstar/GibsonBird/blob/master/chapter4/applocker-bypas-checker.ps1)
* [api0cradle's generic bypasses](https://github.com/api0cradle/UltimateAppLockerByPassList/blob/master/Generic-AppLockerbypasses.md)