skelsec / pypykatz

Mimikatz implementation in pure Python
MIT License

AV detected #108

Open byehack opened 2 years ago

byehack commented 2 years ago


I also noticed ESET NOD32 detected commons/common.py.

byehack commented 1 year ago

Maybe https://github.com/SecureAuthCorp/impacket/pull/1296 is a solution? Remove Katz from names and strings.

skelsec commented 1 year ago

TL;DR I will not be modifying code in a PUBLIC repo to evade AV detection, as it is totally pointless. If you submit a PR for this with minor modifications then we can discuss, but be aware it will work for like... a few months before it gets detected again. (Been there, done that.)

Hello, AV/EDR/DDR/XDR vendors are detecting this tool. This is expected.
If I modify the code then it will not be detected for a few months, then it will be detected again. This is expected. I'm not going to introduce major changes to the code just to avoid detection, because as soon as I make it public, guess what: it will be detected again. This is expected. So, in case you wish to use this project to do the dumping + parsing on a Windows machine, I suggest modifying it yourself locally up to a point where it's not going to be detected, and do not make it public ;)
In general, however, I'd like to point out that dumping (and only the dumping) of lsass or acquiring DPAPI files etc. can be done with other tools which are much more sophisticated compared to compiling pypykatz into an executable, which will by design generate a lot of file creation/deletion, will be enormous in size, etc. Using pypykatz this way is not the intended purpose of the project; the main goal is, as always, to parse lsass dumps and other files which hold secrets.

byehack commented 1 year ago

> So, in case you wish to use this project to do the dumping + parsing on a Windows machine I suggest to modify it yourself locally up to a point where it's not going to be detected, and do not make it public ;)

Thanks, I did modify it locally. And because you said not to make it public, I won't send a PR for it. BTW, I won't close this issue; perhaps a better workaround will be found.