Page cover image

Applocker

Enumerating and bypassing AppLocker configurations

C:\> reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Exe\
PS C:\> (Get-AppLockerPolicy -Local).RuleCollections
PS C:\> Get-AppLockerPolicy -Effective -Xml
PS C:\> Get-ChildItem -Path HKLM:Software\Policies\Microsoft\Windows\SrpV2 -Recurse
PS C:\> Get-AppLockerPolicy -Domain -LDAP "LDAP:// DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com

Last updated