Forward from: Offensive Twitter
😈 [ 𝙻𝚊𝚠𝚛𝚎𝚗𝚌𝚎 @zux0x3a ]
Released .NET tool for extracting Windows Defender exclusions & ASR rules! 🌟
🔹 Works from low user context.
🔹 Supports local & remote queries
🔹 Extracts paths from Event ID 5007 and ASR from Event ID 1121 using regex
🔹 Enumerates ASR rules from MSFT_MpPreference WMI class (works perfectly from low user context as well).
🔹 Displays results in a clean, tabulated format
Works smoothly with inline-assembly!
🔗 https://github.com/0xsp-SRD/MDE_Enum
🐥 [ tweet ]