teamdfir / sift

SIFT
MIT License

SIFT is being flagged by security team as risky tools if connected to domain #632

Closed f4i2u1 closed 1 month ago

f4i2u1 commented 3 months ago

Hi,

Interestingly, our security team has flagged SIFT as a risky set of tools that attackers could use (LOTL risk) if domain-connected endpoints are compromised. It seems like a shallow argument, but I would really appreciate your expert and firm view on this.

Many thanks! Faizul

philhagen commented 3 months ago

Not sure what the question is, but there are certainly tools that could be considered harmful installed in the VM. You'd likely need to request an exception after justifying the investigative nature of the overall VM.