Bypass Application Whitelisting using wmic.exe (Multiple Methods)

This purpose to write this post is to demonstrate the most common and familiar techniques of whitelisting AppLocker bypass. As we know for security reason the system admin add group policies to restrict app execution for local user. In our previous article, we had discussed on “Windows Applocker Policy – A Beginner’s Guide” as they defines the AppLocker rules for your application control policies and how to work with them. But today you will learn how to bypass Applocker policies with wmic.exe.

Table of Content

Introduction to Wmic.exe

Exploiting Techniques

• Koadic
• Powershell Empire
• Link hta within XSL code

Wmic.exe

The WMIC utility is a Microsoft tool provides a WMI command-line interface that is used for a variety of administrative functions for local and remote machine and also used to wmic query such as system settings, stop processes and execute scripts locally or remotely. Therefore, it can invoke XSL script (eXtensible Stylesheet Language).

FUll Article Read Here