Heyo!
While PR'ing on DonPAPI I realized that the recent files collector only looks for the following files:
While I understand it is to avoid downloading too many files, I believe there shouldn't be any type of mask. Right now, if I ever do an lsass dump as a regular administrator (who knows?) DonPAPI will miss it. It will also miss PowerShell files, .env files and so many more.
For that reason I'd like to know if it's possible to remove this whitelist.
Seeya :)