-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add evasion module applocker_evasion_msbuild #12130
Conversation
I'm currently testing this out. Thanks! |
@wchen-r7 sorry just pushed one final commit to fix an issue I had overlooked |
No problem. Thanks for the heads up. |
Really enjoyed playing with the module. Thanks for sharing. |
Release NotesThe applocker_evasion_msbuild module has been added to the framework. It is designed to evade solutions such as software restriction policies and Applocker. The main vector for this bypass is to use the trusted binary MSBuild.exe in executing user supplied code. |
This reverts commit e9b20c7.
Intro
This module is designed to evade solutions such as software restriction policies and Applocker.
The main vector for this bypass is to use the trusted binary MSBuild.exe in executing user supplied code.
This pull request is in reference to the previous pull request #8783.
Vulnerable Application
This evasion will work on all versions of Windows that include .net versions 3.5 or greater (note: ensure the selected payload matches the target os architecture).
Verification Steps
use evasion/windows/applocker_evasion_msbuild
exploit