Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Add evasion module applocker_evasion_msbuild #12130
This module is designed to evade solutions such as software restriction policies and Applocker.
This pull request is in reference to the previous pull request #8783.
This evasion will work on all versions of Windows that include .net versions 3.5 or greater (note: ensure the selected payload matches the target os architecture).
Jul 31, 2019
The applocker_evasion_msbuild module has been added to the framework. It is designed to evade solutions such as software restriction policies and Applocker. The main vector for this bypass is to use the trusted binary MSBuild.exe in executing user supplied code.