Bypassing AppLocker with PowerShell Scripts

Several years ago, Microsoft announced a new tool – AppLocker, which, according to the developers, was designed to increase the level of security when working in Windows. Unfortunately, the way was uncovered, in which you can run any application in the system bypassing AppLocker and without administrator rights.

This article discusses how you can execute commands and bypass AppLocker using PowerShell diagnostic scripts. Casey Smith successfully detected an AppLocker crawl by using load assemblies in PowerShell by URL, file location, and byte code. The verification of this method is described in this article.

For more information about the AppLocker workarounds, I highly recommend checking the Ultimate AppLocker workaround, created and maintained by Oddvar Moe (@Oddvarmoe).

 

More.