Closed mubix closed 5 years ago
Also look at: https://github.com/mubix/bliizard_escalation
Thanks for your work on this, but the base version needs to be as lean as possible to ensure attackers can't used missing locations on victim computers to hide.
Yes it's called Agent.exe, yes it's in ProgramData Yes it's in a subfolder with a build number like
Agent.6082
so it's nearly impossible to exclude right. Mostly I'm making this pull request as a way to ping the community as a way to fix this.