4 tools and resources
A blog post discussing INF-SCT fetch-and-execute techniques for bypass, evasion, and persistence.
Utilizing Alternate Data Streams (ADS) to bypass AppLocker default policies by loading DLL/CPL binaries.
Repository documenting common techniques to bypass AppLocker with verified, unverified, and generic bypasses.
Research project on bypassing the default Falco ruleset, with a Dockerfile for the sshayb/fuber:latest image.