WDAC Bypass Techniques — The Complete Reference Catalog
Companion to A Field Guide to WDAC Bypass Techniques — that post explains why the six mechanism families work. This one is the exhaustive catalogue: every publicly documented bypass, who published it, and where to read the original.
This is a reference index. Each entry is one documented technique, the researcher who published it, a one-line description of the mechanism, and a link to the original write-up. The facts (binary names, attributions, and URLs) are drawn from the public record and the canonical curated resource: Jimmy Bayn’s UltimateWDACBypassList. For the maintained, living list, always defer to that repository — this article exists to give the material a readable, searchable home on this blog.
A note on naming: Microsoft has rebranded Windows Defender Application Control (WDAC) as Application Control / Application Control for Business. The older names — Device Guard and UMCI (User-Mode Code Integrity) — still appear throughout the historical research and are preserved in the citations below.
Table of Contents
- How to Read This Catalog
- Documented LOLBIN Bypasses
- On the Block List but Not Yet Publicly Documented
- Libraries Worth Knowing
- Other Unsigned-Code-Execution LOLBINs (Not on the List)
- PowerShell / UMCI / Constrained Language Mode
- COM, XSL, Office, and Active Scripting
- Novel Exploitation and BYOVA
- Defense, Policy Creation, Testing, and Research
- Using This Material Responsibly
- Source Repository
1. How to Read This Catalog
Each technique is a Microsoft-signed (or Microsoft-distributed) binary or component whose legitimate function — compiling, debugging, interpreting, transforming, or installing — can be repurposed to execute attacker-supplied logic. WDAC evaluates at image-load time against signing trust; it does not generally ask “will this signed program run code from a file it reads?” That gap is what every row below exploits.
Two cross-cutting reminders from the source repository, worth pinning to the top:
- The Microsoft recommended block list ships with two default-allow file rules (
ID_ALLOW_A_1,ID_ALLOW_A_2) that must be removed when you apply it, or your “block” policy still allows more than you intend. - The block list is reactive. New signed primitives ship faster than the list updates — the Store-distributed WinDbg Preview is the textbook recent example.
2. Documented LOLBIN Bypasses
| Binary | Mechanism (one line) | Original research |
|---|---|---|
addinprocess.exe | COM add-in host process loads attacker content in a trusted context | James Forshaw — DG on Windows 10 S: Executing Arbitrary Code |
addinprocess32.exe | 32-bit variant of the add-in host, same primitive | James Forshaw — DG on Windows 10 S: Executing Arbitrary Code |
addinutil.exe | Insecure deserialization of add-in configuration data | @McKinleyMike / @TheLatteri — Insecure Deserialization in AddinUtil.exe |
aspnet_compiler.exe | ASP.NET compiler pre-processes/executes build-time logic | cpl (@cpl3h) — The Curious Case of Aspnet_Compiler.exe |
bginfo.exe | Sysinternals tool runs embedded VBScript from a .bgi config | Oddvar Moe — Bypassing AWL with BGInfo |
cdb.exe | Console debugger executes shellcode via .script/memory primitives | Matt Graeber — WinDbg/CDB as a Shellcode Runner |
csi.exe | Roslyn C# interactive REPL runs C# script | Casey Smith — CSI.EXE C# Scripting |
dbghost.exe | Visual Studio T4 template host executes template logic | Casey Smith — Ghost And The Darkness |
dnx.exe | .NET execution environment runs project code | Matt Nelson — Bypassing AWL with DNX.EXE |
dotnet.exe | .NET Core CLI runs assemblies/commands | Jimmy Bayn — DotNet Core: A Vector for AWL Bypass |
fsi.exe | F# interactive host executes F# inline | Nick Tyrer / Jimmy Bayn — fsi.exe inline execution; Wfc/Fsi write-up |
fsiAnyCpu.exe | Architecture-neutral F# host, same mechanism | Nick Tyrer / Jimmy Bayn — Wfc/Fsi write-up |
infdefaultinstall.exe | INF-driven installer runs an installer section’s directives | Kyle Hanslovan / Chris Bisnett — Evading Autoruns |
InstallUtil.exe | Installer host loads and invokes methods on an attacker assembly | James Forshaw — DG on Windows 10 S: Abusing InstallUtil |
Microsoft.Management.Services.IntuneWindowsAgent.exe | Intune agent component abused to bypass control | Kim Oppalfens — Intune Windows Agent Bypass (issue #1) |
kill.exe | Process-kill utility; documented SEH buffer overflow as a primitive | @hyp3rlinx — kill.exe SEH Buffer Overflow |
Microsoft.Workflow.Compiler.exe | Workflow compiler deserialises and runs attacker logic | Matt Graeber — Arbitrary Unsigned Code Execution Vector |
msbuild.exe | Build engine compiles and runs inline C#/VB tasks from a project file | Casey Smith — Bypassing AWL using MSBuild.exe |
mshta.exe | HTA host runs embedded script | @conscioushacker — Application Whitelisting Bypass: mshta.exe |
powershellcustomhost.exe | Custom PowerShell host that escapes the default constrained surface | Lasse Trolle Borup — A Simple Device Guard Bypass |
rcsi.exe | Roslyn C# script runner (non-interactive variant) | Matt Nelson — Bypassing AWL with RCSI.EXE |
runscripthelper.exe | Signed utility executes PowerShell from a constrained path | Matt Graeber — Bypassing AWL with runscripthelper.exe |
visualuiaverifynative.exe | UI-automation verifier loads and runs code | Lee Christensen / Jimmy Bayn — VisualUiaVerifyNative |
wfc.exe | F# workflow compiler | MSRC / Matt Graeber tip, Jimmy Bayn write-up — Wfc/Fsi write-up |
windbg.exe | GUI debugger with the same scripting surface as cdb | Matt Graeber — WinDbg/CDB as a Shellcode Runner |
wmic.exe | Honours an /format: flag pointing at an XSL stylesheet that runs script | Casey Smith — WMIC Whitelisting Bypass — Hacking with Style |
WSL family — bash.exe, lxrun.exe, wsl.exe, wslconfig.exe, wslhost.exe | Linux subsystem executes code outside a Windows-only policy’s scope | Alex Ionescu — Fun with the Windows Subsystem for Linux (lxss) |
3. On the Block List but Not Yet Publicly Documented
These binaries appear on Microsoft’s recommended block list even where a full public abuse write-up is thin. The defensive assumption is that they share a debugger/loader/scripting primitive with documented neighbours and are blocked precautionarily.
dbgsvc.exe— debugger service hostkd.exe— kernel debuggerntkd.exe— kernel debugger (legacy)ntsd.exe— console debugger (NT symbol debugger)texttransform.exe— T4 text templating transformation hostHVCIScan.exe— Hyper-V code-integrity scanning utility
4. Libraries Worth Knowing
DLLs that appear on the block list. Independent abuse of these is “may or may not be interesting” territory, but they are the loaded code behind several techniques above and worth recognising in telemetry.
Microsoft.Build.dllMicrosoft.Build.Framework.dllmsbuild.dlllxssmanager.dll— the WSL service implementationsystem.management.automation.dll— the PowerShell enginewebclnt.dll/davsvc.dll— WebDAV client/service (the classic\\host@port\resourcepath)mfc40.dll
5. Other Unsigned-Code-Execution LOLBINs (Not on the List)
| Binary | Mechanism (one line) | Original research |
|---|---|---|
dbgsrv.exe | Debugger server used to attach and drive code execution remotely | Casey Smith / Ross Wolf — How to Bypass WDAC with dbgsrv.exe (FortyNorth); Fantastic Red-Team Attacks (Black Hat) |
WinDbgX.exe | Store-distributed, Microsoft-signed WinDbg Preview; outside the recommended block list; injects shellcode via .wds scripting | CerberSec — Bypass WDAC WinDbg Preview — see also my deep-dive |
6. PowerShell / UMCI / Constrained Language Mode
When WDAC policy includes UMCI, PowerShell is forced into Constrained Language Mode (CLM). A long line of research covers escapes from CLM and the surrounding UMCI surface.
| Technique | Mechanism (one line) | Original research |
|---|---|---|
PSWorkflowUtility (CVE-2017-0215) | Workflow utility abused to escape constrained language mode | Matt Nelson — UMCI Bypass using PSWorkflowUtility |
| Defeating Device Guard (CVE-2017-0007) | Device Guard bypass via the named-pipe/rpc surface | Matt Nelson — Defeating Device Guard: A Look into CVE-2017-0007 |
| PowerShell code injection → CLM escape | Injecting code into an already-running full-language PowerShell host | Matt Graeber — Exploiting PowerShell Code Injection to Bypass CLM |
| CVE-2017-8715 | Bypass of the CVE-2017-0218 fix via PowerShell module manifests | Matt Nelson — A Look at CVE-2017-8715 |
CVE-2018-8212 (MSFT_SCRIPTRESOURCE) | DSC script resource abused to bypass Device Guard/CLM | Matt Nelson — CVE-2018-8212: Device Guard/CLM Bypass |
Invoke-History CLM bypass | Replaying a history entry to escape constrained mode | Matt Graeber — Invoke-History bypass (post) |
7. COM, XSL, Office, and Active Scripting
A dense family: trusted engines that interpret a markup, manifest, or transform format and execute embedded code.
| Technique | Mechanism (one line) | Original research |
|---|---|---|
| .NET assembly compilation methods | Compiler APIs invoked from script to assemble and run code in-policy | Matt Graeber — Bypassing Device Guard with .NET Assembly Compilation Methods |
| Sneaking Past Device Guard (CVE-2018-8417) | Script-integrity bypass via Office/scripting surface | Philip Tsukerman — Sneaking Past Device Guard (HITB) |
| WLDP CLSID-policy .NET COM instantiation | Instantiate a .NET COM object exempted from WLDP to escape UMCI | James Forshaw — Project Zero issue #1514 |
| WSH injection | Windows Script Host injection case study for UMCI bypass | Matt Nelson — WSH Injection: A Case Study |
winrm.vbs | Signed script host abused for arbitrary unsigned execution | Matt Graeber — Arbitrary Unsigned Code Execution in winrm.vbs |
| COM XSL transformation (CVE-2018-8492) | XSL transform through COM defeats several application-control products | Jimmy Bayn — COM XSL Transformation |
| Catalog-file hygiene | Abuse of signature-catalog trust to launder unsigned code as signed | Jimmy Bayn — Abusing Catalog Hygiene |
| CHM (CVE-2017-8625) | HTML Help as a UMCI bypass vector | Oddvar Moe / Matt Nelson — Bypassing Device Guard UMCI using CHM |
| UMCI vs Internet Explorer (CVE-2017-8625) | IE scripting surface leveraged against the same underlying flaw | Matt Nelson — UMCI vs Internet Explorer |
| Previous-version signed script hosts + catalogs | Older signed script hosts and catalog files used to bypass WDAC | William Easton — VULN-051861 advisory |
8. Novel Exploitation and BYOVA
| Technique | Mechanism (one line) | Original research |
|---|---|---|
| Browser exploit → WDAC bypass | A memory-corruption exploit in a trusted browser achieves execution WDAC must permit | Valentina Palmiotti — Operationalizing browser exploits to bypass WDAC (IBM X-Force) |
| WDAC bypass via Loki C2 (Electron/Node) | A signed Electron shell runs JavaScript payloads; the shell is trusted, the payload is data | Bobby Cooke (0xBoku) — Bypassing WDAC with Loki C2 (IBM X-Force) |
9. Defense, Policy Creation, Testing, and Research
The other half of the catalog: the tooling and deep-dive material for building, deploying, auditing, and testing WDAC policies. This is the material you want on the blue-team desk.
| Resource | What it is | Link |
|---|---|---|
| WDAC stream playlist | Matt Graeber’s video series covering creation, enforcement, bypass, and audit | @mattifestation playlist |
| WDAC Policy Wizard | Microsoft’s official tool for authoring and editing policies | MicrosoftDocs/WDAC-Toolkit |
| WDACTools | PowerShell module to build, configure, deploy, and audit policies | mattifestation/WDACTools |
| WDACPolicies | Baseline software notes + corresponding sample policies | mattifestation/WDACPolicies |
| DeviceGuardBypassMitigationRules | Reference deny policy blocking the published bypasses — companion to this catalog | mattifestation/DeviceGuardBypassMitigationRules |
| Building a WDAC lab | Stand up a test environment end-to-end | FortyNorth Security |
| Documenting & attacking a WDAC feature | Case study in security-research methodology | Matt Graeber — SpecterOps |
| WinAWL | Windows application-control notes and sample policies | Brian in Pittsburgh — arekfurt/WinAWL |
| Exploit Monday | Matt Graeber’s blog — much of the foundational research lives here | exploit-monday.com |
| Quick deploy + test machine setup | Restrictive + scan policy gists for fast lab bring-up | Jimmy Bayn — restrictive / scan |
| WDAC in 20H2 + a simple secure policy | Policy-design evolution and a minimal Windows-only baseline | Matt Graeber — Medium |
| Harden Windows Security — WDAC Notes | Practitioner notes on policy hardening | HotCakeX — wiki |
| Chad Duffey — WDAC Notes | Operational notes from the field | chadduffey.com |
10. Using This Material Responsibly
Every link above points to published, defensive-minded security research. The value of a catalogue like this is twofold: for red teamers it shortens the path from “I have admin” to “I have execution under application control,” and for defenders it is the exact checklist of what a deny policy must account for. If you are on the blue side, the companion DeviceGuardBypassMitigationRules policy is the fastest way to turn this catalogue into enforcement.
Two operating principles:
- Application control is one layer. A block list cannot, by construction, anticipate signed binaries whose legitimate function is to run code. Pair it with behavioural detection, least privilege, and network segmentation.
- Validate before you enforce. Promote a policy from audit to enforced only once your
8007(code-integrity) event log is quiet against your real workload. A policy that breaks the business is a policy that gets turned off.
11. Source Repository
This catalogue is a readable re-presentation of public research. The maintained, canonical resource — the one to watch for new entries — is:
- bohops/UltimateWDACBypassList — Jimmy Bayn’s centralised resource for documented WDAC/Device Guard/UMCI bypass techniques and policy building, managing, and testing. Inspired by Oddvar Moe’s UltimateAppLockerBypassList.
See also the companion orientation on this blog: A Field Guide to WDAC Bypass Techniques, and the WinDbg-Preview deep-dive: Bypassing WDAC with WinDbg Preview.