Current implementation of proclist plugin uses win32_ps_list_procs() PHP function on Windows host.
Therefore, Linux implementation is a simple system("ps -a"), which is OPSEC unsafe, and would probably trigger EDR alerts.
A better implementation should avoid relying on system command execution.
would groveling through /proc on linux work, you think?
i think it's a lot better indeed @paralax ! anyway ps does that internally, directly reading on /proc is probably the best way
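
Why the issue expects system("ps -a") to raise alerts, shown from the detection side as an added example that is not part of this thread or the project's code: PHP's system() runs its command through sh -c, so process-creation telemetry shows a descendant of the web worker executing ps. The event format, process names and watch list below are constructed assumptions.

```python
import shlex

# Constructed process-creation events in a simplified key=value form (not real
# EDR or auditd output): a php-fpm worker runs system("ps -a") -> sh -> ps.
SAMPLE_EVENTS = '''\
pid=811 ppid=1 uid=33 exe=/usr/sbin/php-fpm8.2 argv="php-fpm: pool www"
pid=2001 ppid=1990 uid=1000 exe=/usr/bin/ps argv="ps -a"
pid=4120 ppid=811 uid=33 exe=/usr/bin/dash argv="sh -c ps -a"
pid=4121 ppid=4120 uid=33 exe=/usr/bin/ps argv="ps -a"
pid=4300 ppid=811 uid=33 exe=/usr/bin/dash argv="sh -c convert in.png out.jpg"
pid=4301 ppid=4300 uid=33 exe=/usr/bin/convert argv="convert in.png out.jpg"
'''

WEB_PARENTS = ("php", "apache2", "httpd", "nginx")  # assumed server/interpreter names
RECON_TOOLS = {"ps", "top", "pgrep", "pstree"}       # assumed watch list

def parse_event(line):
    """Split one key=value event line into a dict with integer pid/ppid."""
    fields = dict(tok.split("=", 1) for tok in shlex.split(line))
    fields["pid"], fields["ppid"] = int(fields["pid"]), int(fields["ppid"])
    return fields

def web_ancestor(event, by_pid, max_depth=8):
    """Walk the ppid chain and return the first ancestor that is a web process."""
    ppid = event["ppid"]
    for _ in range(max_depth):
        parent = by_pid.get(ppid)
        if parent is None:
            return None
        if parent["exe"].rsplit("/", 1)[-1].startswith(WEB_PARENTS):
            return parent
        ppid = parent["ppid"]
    return None

def find_alerts(log_text):
    """Flag process-listing tools whose ancestry includes a web process."""
    by_pid, alerts = {}, []
    for line in log_text.splitlines():
        ev = parse_event(line)
        by_pid[ev["pid"]] = ev
        if ev["exe"].rsplit("/", 1)[-1] in RECON_TOOLS:
            origin = web_ancestor(ev, by_pid)
            if origin:
                alerts.append((ev["pid"], ev["argv"], origin["exe"]))
    return alerts

if __name__ == "__main__":
    for pid, argv, origin in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} '{argv}' descends from {origin}")
```

The ancestor walk matters because the direct parent of ps is the intermediate shell, not the PHP worker; a rule that checks only the immediate parent would miss it.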