If AppLocker is configured with default rules, we can bypass it by placing our executable in the following directory below which is whitelisted by default.
C:\Windows\System32\spool\drivers\color
Last updated 5 years ago
