Abusing AppLocker Misconfigurations - Never Allow Deny Lists - Part 1
Tags
attack-pattern: Mmc - T1218.014 Powershell - T1059.001 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID cdc57b74-90eb-4501-a85b-ab04ac7211d9
Fingerprint 8c8c589a3339cd44
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 3, 2024, 3:36 p.m.
Added to db Sept. 3, 2024, 5:46 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Abusing AppLocker Misconfigurations - Never Allow Deny Lists - Part 1
Title Abusing AppLocker Misconfigurations - Never Allow Deny Lists - Part 1
Detected Hints/Tags/Attributes 25/1/5
Source URLs
Redirection Url
Details Source https://medium.com/@Idabian/abusing-applocker-misconfigurations-never-allow-deny-lists-part-1-a98a4c5db778?source=rss------cybersecurity-5
URL Provider
Details Provider Source level domain
Details medium.com medium.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 1208 
powershell.exe
Details File 32 
powershell_ise.exe
Details File 1 
blabla.exe
Details Url 1 
https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules
Details Url 1 
https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview