{
	"id": "f76286b8-ce76-42f6-9d35-a8a238b22370",
	"created_at": "2026-04-06T00:06:48.272064Z",
	"updated_at": "2026-04-10T03:22:00.533997Z",
	"deleted_at": null,
	"sha1_hash": "dc4f39672af3e1f21c9cb5d3a71f187cba714a2c",
	"title": "GitHub - api0cradle/UltimateAppLockerByPassList: The goal of this repository is to document the most common techniques to bypass AppLocker.",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37607,
	"plain_text": "GitHub - api0cradle/UltimateAppLockerByPassList: The goal of\r\nthis repository is to document the most common techniques to\r\nbypass AppLocker.\r\nBy api0cradle\r\nArchived: 2026-04-05 22:32:06 UTC\r\nUltimate AppLocker ByPass List\r\nThe goal of this repository is to document the most common and known techniques to bypass AppLocker. Since\r\nAppLocker can be configured in different ways I maintain a verified list of bypasses (that works against the\r\ndefault AppLocker rules) and a list with possible bypass technique (depending on configuration) or claimed to be\r\na bypass by someone. I also have a list of generic bypass techniques as well as a legacy list of methods to execute\r\nthrough DLLs.\r\nINDEXED LISTS\r\nGeneric-AppLockerbypasses.md\r\nVerifiedAppLockerBypasses.md\r\nUnverifiedAppLockerBypasses.md\r\nDLL-Execution.md\r\nYML\r\nI have also created everything in YML format so it the data can be reused. The YML files can be found under the\r\nYML folder.\r\nFor details on how I verified and how to create the default rules you can check my blog:\r\nhttps://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/\r\nBLOCK RULES\r\nThe rules can be found in the AppLocker-BlockPolicies folder.\r\nPlease contribute and do point out errors or resources I have forgotten.\r\nOther tools\r\nRemember to check out my Powershell module called PowerAL: https://github.com/api0cradle/PowerAL This can\r\nhelp you identify weaknesses\r\nhttps://github.com/api0cradle/UltimateAppLockerByPassList\r\nPage 1 of 2\n\nSource: https://github.com/api0cradle/UltimateAppLockerByPassList\r\nhttps://github.com/api0cradle/UltimateAppLockerByPassList\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://github.com/api0cradle/UltimateAppLockerByPassList"
	],
	"report_names": [
		"UltimateAppLockerByPassList"
	],
	"threat_actors": [],
	"ts_created_at": 1775434008,
	"ts_updated_at": 1775791320,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/dc4f39672af3e1f21c9cb5d3a71f187cba714a2c.pdf",
		"text": "https://archive.orkl.eu/dc4f39672af3e1f21c9cb5d3a71f187cba714a2c.txt",
		"img": "https://archive.orkl.eu/dc4f39672af3e1f21c9cb5d3a71f187cba714a2c.jpg"
	}
}