Circumventing SRP and AppLocker to Create a New Process, By Design

There’s an interesting comment on my Circumventing SRP and AppLocker, By Design post. In my previous post, I showed a feature to circumvent SRP and AppLocker validation when a DLL is loaded. The anonymous commenter points out a feature to create a new process, while circumventing SRP and AppLocker. Flag SANDBOX_INERT in function CreateRestrictedToken allows …