Qianlitp / WatchAD

AD Security Intrusion Detection System
GNU General Public License v3.0

Share name in unknownfileshare #25

Open Aixic-Love opened 4 years ago

Aixic-Love commented 4 years ago
    if relative_target_name in ["protected_storage", "lsarpc", "samr", "ntsvcs", "NETLOGON"]:
        return

This should be a known common share name.

Aixic-Love commented 4 years ago

winreg srvsvc lsass fileshare