-
### Description of the feature you're suggesting.
Currently, it's easy for EDR to detect a Flipper Zero. It would be really nice if a stealth mode could be configured in which USB and Bluetooth conne…
-
Can you say it in English, and how can we use it?
-
**Describe the bug**
I use a pretty typical custom schema setup (a pattern described in dbt docs) whereby dbt invocations against the target `prod` use the schema set in my project's yml files (the c…
-
Hi @mwrock, some EDRs detect malicious activities with the command
```powershell
powershell.exe -executionpolicy bypass -NoProfile -File .\test.ps1
```
I understand that just remove `-executi…
-
Hi. A recent install of the Win x64 version of this app triggered an EDR alert:
`"C:\WINDOWS\system32\cmd.exe" /C powershell -ExecutionPolicy Bypass -Command "& {Add-MpPreference -ExclusionPath "C…
-
**Is your feature request related to a problem? Please describe.**
I would like to see what process (name is fine) an implant is running as/under (like if we migrate), as well as the Integrity level …
-
Hello,
here is what happens when I try adding a record using `dnstool.py` (of course replacing the values for `DOMAIN`, `USER`, `PASSWORD`):
```
python3 /opt/krbrelayx/dnstool.py -u 'DOMAIN\USE…
```
-
Thank you for putting this together! I have been trying to get this to work, but am not having success. I'm using CrowdStrike in my test environment and have compiled the cs unhooking C code into an E…
-
I've been looking for an answer to this for a while.
Do you have any idea as to why it is not possible to create a thread inside a process created by NtCreateProcess(Ex)? I guess unless it was create…
-
Could you please share the RefleXXion (user.dll) code from demo6-unhook?