XiaoliChan
XiaoliChan
> @XiaoliChan does this PR still need to be open? let me review it
@NeffIsBack Oh, this exception is found in real-world attacks, and now the red team op is ended.
@0xb11a1 This is an awesome technique, any reference to this? I just know that [RawCopy](https://github.com/jschicht/RawCopy) can do this, but I don't know how to calculate the buf/offset stuff.
Consider use this https://github.com/skelsec/anfs
Maybe got detection by EDR/AV, what is the target system version?
@h0ny That makes sense, it probably got detected by EDR/AV
Wow, this is awesome!!!!
@NtAlexio2 BTW, could you add the test case in https://github.com/fortra/impacket/blob/master/tests/SMB_RPC/test_wmi.py ?