GitHub - tyranid/DeviceGuardBypasses: A repository of some of my Windows 10 Device Guard Bypasses

tyranid / DeviceGuardBypasses Public

Notifications You must be signed in to change notification settings
Fork 38
Star 133

A repository of some of my Windows 10 Device Guard Bypasses

133 stars 38 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
Bootstrap		Bootstrap
CommonLib		CommonLib
CreateAddInIpcData		CreateAddInIpcData
CreateInstallState		CreateInstallState
ExampleAsm		ExampleAsm
RunPowershell		RunPowershell
.gitattributes		.gitattributes
.gitignore		.gitignore
AUTHORS		AUTHORS
DeviceGuardBypasses.sln		DeviceGuardBypasses.sln
LICENSE		LICENSE
README		README

Repository files navigation

Windows 10 Device Guard Bypasses
(c) 2017 James Forshaw

This solution contains some of my UMCI/Device Guard bypasses. They're
are designed to allow you to analyze a system, such as Windows 10 S
which comes pre-configured with a restrictive UMCI policy.

CreateAddInIpcData:

Tested on Windows 10 15063.483 with .NET 4.7.

This is an issue with the exposed .NET Remoting IPC channel in AddInProcess.exe
(and AddInProcess32.exe) on .NET v4+. 

See my blog post (https://tyranidslair.blogspot.com/2017/07/dg-on-windows-10-s-executing-arbitrary.html)
for more information about how to use this bypass code.