AppLocker Rules Abuse

Source provenance. Raw material catalogued for the wiki ingest pipeline. Lives offline at raw_sources/offensive-security/ingested/AppLocker Rules Abuse.md.

Status: integrated

Excerpt

AppLocker was introduced by Microsoft in Windows 7 to enable organizations to define which executables, scripts or installers are allowed to run in their environments. AppLocker can reduce the attack surface by enforcing rules that allow only trusted code to execute. As a result, malicious code is prevented from running. It should be noted that AppLocker is not enabled by default and requires a solid u…