Hacking the Windows S Mode
Enderman

Premiered Feb 12, 2023

Huge thanks to Goldengamer842 for the following idea!

Hello, my friends! Let's hit 20K likes? Check out my website! https://enderman.ch
Today I am going to show you how to hack a Windows 10 S Mode system to run .exe and sideload .dll applications. Is that worth it? Probably not. Is that awesome? Hell yes. The way S Mode works is really simple: Microsoft just took their application control implementation and simply turned the Windows Defender Code Integrity service on with a signed Microsoft policy.

DIY:
1. Enter group policy editor, find the Device Guard policy. It is located in \\Computer Configuration\Administrative Templates\System.
2. Disable both settings.
3. Find the winsipolicy.p7b files in %systemroot%\Boot\EFI and %systemroot%\WinSxS and delete both files.
4. Reboot into PE (you will not be able to access ESP normally as no Command Prompt is available).
5. Mount ESP (EFI System Partition), locate winsipolicy.p7b in %root%\EFI\Microsoft\Boot and delete it as well.
6. Profit!

Install command: dism.exe /apply-image /imagefile:windows10shacked.wim /index:1 /applydir:?:\
Install tutorial: Manually installing Windows 10

Links:
Windows 10 S (Hacked) - https://files.enderman.ch/uploads/Win...

Windows 10 S (Installer) - https://files.enderman.ch/uploads/Win...
Windows 10 S (ESD) - https://files.enderman.ch/uploads/162...

Device Guard basics (in Russian) - https://go.enderman.ch/yC3W7
App Control for Business - https://go.enderman.ch/vmXpZ
PKCS7 certificates - https://go.enderman.ch/cBCqG

Password:
mysubsarethebest

Timestamps:
0:00 - Intro
0:22 - History of S Mode
1:36 - Acquiring the image
2:59 - Installing
4:14 - Early ideas
5:14 - Boot Command Prompt Exploit (BCPE)
6:30 - Boot Task Manager Exploit (BTME)
7:25 - Major breakthrough
8:09 - Device Guard settings
9:29 - WDAC Policies
11:06 - Malware removal
13:00 - Outcome
13:36 - Final product
15:36 - Outro

Still got questions? Don't hesitate, send them to [email protected]!
Hope you have a great day!

#endermanch #experiments #windows
