Brian Maloney

Yes. You need the certificate thumbprint to export the certificate and public key with mimikatz.

If you change Suppress Path="Security">*[EventData[Data[1]="S-1-5-18"]] To Suppress Path="Security">*[EventData[Data[5]="S-1-5-18"]] It cuts down on System events without losing insight as to where users are logging in.

I see your point on the memory image size. I was thinking of it in the aspect of the images already being on the box containing Evolve. I like the...

Thank you for all your hard work. I didn't even think of a selector for the memory profile. That's awesome. Been a little busy. Sorry for not getting back to...

Thanks for keeping me updated.

This could also be achieved if evole created a volatilityrc config file for the image. This would also segnificantly speed up Win 8-10 images.

Just a heads up. Newer versions of OneDrive no longer use ObfuscationStringMap.txt. It now uses a key to obfuscate the log. It is not known, at this time, how the...

You can create an indeterminate progress. This is how I implemented it: ```python import pyi_splash def splash_loop(): count = 0 direction = 'right' while pyi_splash.is_alive(): move = '\u0020' * count...

You also need to adjust the .spec file as @rokm suggested.  You can look at OneDriveExplorer’s GUI and .spec file to see how I set it up. https://github.com/Beercow/OneDriveExplorer

Haven’t fully looked into it yet but I know it works with pyinstaller 4.9 but it didn’t with 4.10. Haven’t trying 5.