From 742c7ee3c248a46a7a691cfc4f825851de47fbe9 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Mon, 6 Jan 2020 23:03:54 +0100 Subject: [PATCH] AppLocker rules --- Methodology and Resources/Windows - Privilege Escalation.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Methodology and Resources/Windows - Privilege Escalation.md b/Methodology and Resources/Windows - Privilege Escalation.md index 339fd23..955e79f 100644 --- a/Methodology and Resources/Windows - Privilege Escalation.md +++ b/Methodology and Resources/Windows - Privilege Escalation.md @@ -6,6 +6,7 @@ * [Windows Version and Configuration](#windows-version-and-configuration) * [User Enumeration](#user-enumeration) * [Network Enumeration](#network-enumeration) +* [AppLocker Enumeration](#applocker-enumeration) * [EoP - Looting for passwords](#eop---looting-for-passwords) * [SAM and SYSTEM files](#sam-and-system-files) * [Search for file contents](#search-for-file-contents) @@ -218,6 +219,11 @@ reg query HKLM\SYSTEM\CurrentControlSet\Services\SNMP /s Get-ChildItem -path HKLM:\SYSTEM\CurrentControlSet\Services\SNMP -Recurse ``` +## AppLocker Enumeration + +- With the GPO +- HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2 (Keys: Appx, Dll, Exe, Msi and Script). + ## EoP - Looting for passwords ### SAM and SYSTEM files
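Review bot: In the second hunk, the new "## AppLocker Enumeration" section has a first bullet, "- With the GPO", that is a fragment: it does not say what is read from the GPO or how. The second bullet gives the `HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2` path as bare prose, while the section just above it presents its checks as commands inside a code fence (`reg query HKLM\SYSTEM\CurrentControlSet\Services\SNMP /s`). Suggest completing the first bullet with the actual step, and moving the SrpV2 path into a fenced block in the same copyable form as the SNMP lines, keeping the key names (Appx, Dll, Exe, Msi and Script) as a short note next to it. The period after the closing parenthesis can also be dropped so both bullets end the same way.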