killchain-compendium/post exploitation/docs/windows/applocker.md

795 B

Applocker

  • Ruleset/policy for files and directories
  • Config file is secpol.msc
  • Sysadmins may create rules and push them to devices on the network.

Categories

  • Executable Rules, Determines what executables and applications can be run from specified directories.
  • Windows Installer Rules, Determines what Installers can be run
  • Script Rules, Determines what and where scripts can be run
  • Packaged app Rules, Determines what pre-packaged Windows applications can be run

Bypass