Detected by AV #10

Open
azzarin opened this issue Sep 24, 2016 · 3 comments

azzarin commented Sep 24, 2016

Not sure if I can call it an issue. It's kinda good tho.
But I noticed that the AV (Windows Defender) does notice the script.

```
At line:1 char:1
+ function Invoke-Mimikatz
+ This script contains malicious content and has been blocked by your antivirus software.
At line:1 char:1
```

iNoSec commented Aug 31, 2018

That's why you always run in memory... All that touches the disk will be detected... Learning a few basics of PowerShell and IT in general is a must.


azzarin commented Aug 31, 2018

Ofc my dude. I cannot even remember the case on this. Two years ago. But I believe AV triggered even when it was running in memory. So I do not understand your reply, iNoSec.


Alparu commented Dec 14, 2018

Although it's pretty late, I must say that the code is detectable by AV (even when used in memory).
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=HackTool%3aWin32%2fMikatz!dha&threatid=2147706304
