Red Team Codex
  • Welcome to Red Team Codex (RTC)
  • Posts
    • Red Teaming
      • Initial Foothold Reconnaissance
  • Active Directory Enumeration
    • Overview
    • Domain Enumeration
      • Domain Name
      • Domain Forest Trusts
      • Password Policy
    • Computer Enumeration
      • Domain Controllers
    • User Enumeration
    • Group Enumeration
    • AppLocker Enumeration
  • Payload Development
    • VBA Macros and the Windows API
      • Windows Defender
  • AV / EDR
    • Windows Advanced Threat Protection (ATP)
  • Remote Process Injection
    • CreateRemoteThread()
    • QueueUserAPC()
    • QueueUserAPC() + NtTestAlert()
    • SetWindowsHookEx()
    • SetThreadContext()
    • Process Hollowing
  • My Config Files
    • Windows Terminal
    • Tmux Configuration
    • .bashrc and PS1 Environment
Powered by GitBook
On this page

Was this helpful?

  1. Active Directory Enumeration

AppLocker Enumeration

Enumerating AppLocker configurations present within the domain or the machine.

Discover the AppLocker policies. You may need to retrieve the AppLocker policy based on its unique LDAP path as shown the last example.

C:\> reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Exe\
PS C:\> (Get-AppLockerPolicy -Local).RuleCollections
PS C:\> Get-AppLockerPolicy -Effective -Xml
PS C:\> Get-ChildItem -Path HKLM:Software\Policies\Microsoft\Windows\SrpV2 -Recurse
PS C:\> Get-AppLockerPolicy -Domain -LDAP "LDAP:// DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com
PreviousGroup EnumerationNextVBA Macros and the Windows API

Last updated 4 years ago

Was this helpful?