UltimateAppLockerByPassList
AaronLocker
| | UltimateAppLockerByPassList | AaronLocker |
|---|---|---|
| Mentions | 4 | 20 |
| Stars | 1,816 | 579 |
| Growth | - | 2.4% |
| Activity | 2.1 | 0.0 |
| Last Commit | 8 months ago | over 1 year ago |
| Language | PowerShell | PowerShell |
| License | - | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
UltimateAppLockerByPassList
- AppLocker - Deny vs Allow and Except
  > Check out the Ultimate AppLocker Bypass list and add those https://github.com/api0cradle/UltimateAppLockerByPassList
- FSRM saved our asses
  > Too bad it's trivial to bypass. My favorite bypass is through alternate data streams, which Applocker is unaware of.
- What group policy rule should every network have?
  > Remember to block these writable paths under c:\Windows: https://github.com/api0cradle/UltimateAppLockerByPassList/blob/master/Generic-AppLockerbypasses.md
- Safe powershell
AaronLocker
- Advanced Hunting Report for Applications Started
- Blocking portable applications ?
  > Check it out here https://github.com/microsoft/AaronLocker
- Can anyone help? I wish to block a specific application from being installed, is this possible with Intune?
- We have Local Admin disabled for all users but they were able to install adware without prompting UAC/admin credentials. Curious how that's possible
- Application whitelist software - is it worth it?
  > 100% this. OP, if you want to go further, check out Aaronlocker https://github.com/microsoft/AaronLocker
- Disabling Windows Firewall
- Auto Learn for Windows Firewall?
  > As for "why would you do that??", my reasoning is that Aaronlocker exists, and so should Aaronwall (final name pending). If I can be notified when some application tries to communicate on blocked ports, I can take action by contacting the user who ran the application, and that is safer for everyone.
- Recommendations for Software Whitelisting Software?
  > You could look into Aaronlocker. That is a tool which can be used to manage AppLocker installations and it's open source. https://github.com/microsoft/AaronLocker
- You can do really good Cybersecurity right now for cheap and you don't need a CISSP/Sec Team/etc to do it. "Fuck miracles, fix what you have now." - #SwiftonSecurity.
  > Turn on Applocker to block all exes/scripts by default. You can use Aaronlocker to help scan for exceptions, then enable it in audit mode for a few weeks to catch anything else you need to allow (use Windows Event Forwarding if you don't have another way of collecting Windows events; it's also pretty easy to set up). I did it recently and it's been pretty painless so far. Well worth it to know users can't run some random program they downloaded or found on a USB drive.
- Block unauthorized applications from being installed and running? AppLocker?
What are some alternatives?
HardeningKitty - HardeningKitty - Checks and hardens your Windows configuration
CryptoBlocker - A script to deploy File Server Resource Manager and associated scripts to block infected users
LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
GoodHound - Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.
PWF - Practical Windows Forensics Training
cobalt-arsenal - My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
Purpleteam - Purpleteam scripts simulation & Detection - trigger events for SOC detections
BlueTeam.Lab - Blue Team detection lab created with Terraform and Ansible in Azure.
awesome-lists - Security lists for SOC detections