Hi,
I tested several scripts, the results are as follows:
1) mimikatz - access denied. If I turn off WD, it doesn't work either, but with different errors, so that's another story, but Defender somehow catches it anyway.
2 ) empire http listener and https://raw.githubusercontent.com/peewpw/Invoke-WCMDump/master/Invoke-WCMDump.ps1
Here is a very strange situation: it's not blocked directly (no notifications from WD and so on), but it doesn't work. Though if I turn off WD, it's fine, all goes well.
But when it's running - no way: Empire and WCMDump just "die" without any messages:
C:\DISTR\POWERLINE\PowerLine-master\PowerLine-master\PowerLine>PowerLine.exe Invoke-WCMDump "Invoke-WCMDump"
Command Invoked: Invoke-WCMDump
C:\DISTR\POWERLINE\PowerLine-master\PowerLine-master\PowerLine>
So, something has changed in WD and its rules - maybe you have some clues how to solve it?
I'm especially interested in the option with Empire.