Just wanted to do a quick follow-up on this bypass. Seems that BGInfo 4.22 still can be used to bypass AppLocker using the techniques I showed in my previous post. Meaning that if you use AppLocker as whitelisting solution I guess you must deny BGInfo.exe in order to prevent this bypass. Screenshots from an AppLocker … Continue reading Clarification – BGInfo 4.22 – AppLocker still vulnerable
Tag: research
Bypassing Application Whitelisting with BGInfo
TL;DR BGinfo.exe older than version 4.22 can be used to bypass application whitelisting using vbscript inside a bgi file. This can run directly from a webdav server. UPDATE: 22.05.2017 AppLocker is still vulnerable with Bginfo 4.22. A blogpost about that here: https://msitpros.com/?p=3860 UPDATE: 19.06.2017 Microsoft has thanked me in their documentation for this finding. The … Continue reading Bypassing Application Whitelisting with BGInfo
Accessing clipboard from the lock screen in Windows 10 #2
#UPDATE# This issue is fixed in the Windows 10 1803 versions and newer. I received a lot of positive feedback on my previous post on accessing the clipboard from the lock screen using the wireless password field. Just out of curiosity I tried other combinations on doing the same thing, and I found out … Continue reading Accessing clipboard from the lock screen in Windows 10 #2
Accessing clipboard from the lock screen in Windows 10
#UPDATE# This issue is fixed in the Windows 10 1803 versions and newer. I discovered something interesting that I wanted to be shared with the rest of the world. Before you read any further, I want you to know that I did send an email to MSRC (Microsoft Security Response Center) about this. The … Continue reading Accessing clipboard from the lock screen in Windows 10
Oddvar Moe's Blog 