It's been a while since I posted. I found another method for evading AV/EDR, and this time, it took nothing special at all. I used an unmodified version of impacket secretsdump.py. Didn't use the "useVSSMethod" option. I saw one thing in the logs for this, and that alert wasn't shown because it's "too noisy", so I'm looking through the logs to see if there's anything I can use to detect this. So far, I haven't seen anything in this particular solution.
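As an added example (not from the original post), one way to hunt for the default, non-VSS secretsdump path in the logs: it opens the winreg named pipe over IPC$, starts the RemoteRegistry service if it is stopped, and saves hives to a .tmp file that it then reads over ADMIN$. The event schema, field names and sample events below are constructed and simplified; the event IDs (4624, 5145, 7036) are standard Windows ones.

```python
from datetime import datetime, timedelta

# Constructed sample events (Security 4624/5145 and System 7036) in time order;
# the field names are a hypothetical normalisation, not any product's real schema.
EVENTS = [
    {"ts": "2024-01-01T10:00:00", "id": 4624, "logon_type": 3, "src": "10.0.0.5", "user": "admin"},
    {"ts": "2024-01-01T10:00:02", "id": 5145, "src": "10.0.0.5", "share": "\\\\*\\IPC$", "target": "winreg"},
    {"ts": "2024-01-01T10:00:03", "id": 7036, "service": "Remote Registry", "state": "running"},
    {"ts": "2024-01-01T10:00:05", "id": 5145, "src": "10.0.0.5", "share": "\\\\*\\ADMIN$", "target": "Temp\\xKqPzLwa.tmp"},
    {"ts": "2024-01-01T11:00:00", "id": 4624, "logon_type": 3, "src": "10.0.0.9", "user": "backup"},
    {"ts": "2024-01-01T11:00:01", "id": 5145, "src": "10.0.0.9", "share": "\\\\*\\ADMIN$", "target": "Temp\\report.txt"},
    {"ts": "2024-01-01T12:00:00", "id": 7036, "service": "Remote Registry", "state": "running"},
]

def _t(e):
    return datetime.fromisoformat(e["ts"])

def _within(e, start, window):
    return start <= _t(e) <= start + window

def find_remote_hive_dumps(events, window=timedelta(seconds=60)):
    """Report network logons (4624, type 3) followed within `window` by the same
    source opening the winreg pipe over IPC$ (5145). A RemoteRegistry start (7036)
    and a .tmp read under ADMIN$\\Temp are reported as extra signals only: the tool
    leaves the service alone if it was already running, so neither is required."""
    hits = []
    for logon in (e for e in events if e["id"] == 4624 and e.get("logon_type") == 3):
        t0, src = _t(logon), logon["src"]
        later = [e for e in events if _within(e, t0, window)]
        same_src = [e for e in later if e.get("src") == src and e["id"] == 5145]
        if not any(e.get("target") == "winreg" for e in same_src):
            continue  # no remote-registry use from this session; an ADMIN$ read alone is not enough
        hits.append({
            "src": src,
            "user": logon["user"],
            "service_started": any(e["id"] == 7036 and e.get("service") == "Remote Registry"
                                   and e.get("state") == "running" for e in later),
            "temp_hive_read": any(e.get("share", "").endswith("ADMIN$")
                                  and e.get("target", "").lower().startswith("temp\\")
                                  and e["target"].lower().endswith(".tmp") for e in same_src),
        })
    return hits

if __name__ == "__main__":
    for hit in find_remote_hive_dumps(EVENTS):
        print(hit)
```

The second source (10.0.0.9) reads a file over ADMIN$ but never touches winreg, so it is not reported; tuning the window down too far drops the real sequence as well.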