mgeeky
commented
5 years ago I've addressed my own issue in PR#50.
Closed mgeeky closed 5 years ago
rvazarkar
commented
5 years ago I addressed this issue with my own commit https://github.com/BloodHoundAD/SharpHound/commit/e763032fa714d7291ed86e39f9e38bf0f405b293
The machine specific cache file name is generated using the machine sid of the local machine, so changing hostnames wont mess it up. It also renames the old BloodHound.bin on run to the new format so cache files aren't lost.
rvazarkar
commented
5 years ago Thanks for the suggestion!
Hi,
According to my field experience - default artifact's name raises an immediate alert from various EDR/HIPS agents, like FireEye HX. I'd like to propose a way to generate host-dependent unique name, that would be for instance generated from tuple of ($Env:Hostname, $Env:Username, $Env:Userdnsdomain). Such a tuple could then be fed to some kind of hashing/mangling function that would create randomized cache file effectively bypassing simple artifact-based HIPS rules.