Repost from Offensive Twitter
[ @zux0x3a ]
Released .NET tool for extracting Windows Defender exclusions & ASR rules!
- Works from low user context.
- Supports local & remote queries
- Extracts paths from Event ID 5007 and ASR from Event ID 1121 using regex
- Enumerates ASR rules from MSFT_MpPreference WMI class (works perfectly from low user context as well).
- Displays results in a clean, tabulated format
Works smoothly with inline-assembly!
https://github.com/0xsp-SRD/MDE_Enum
[ tweet ]