Mathieu Geli
I think it is very relevant for people working with an external auth provider and not willing to disseminate authentication base on each app deployed. What I'm thinking of is...
Hi Etienne, actually coming from reGeorg had the problem, as you mentioned tested with `set Proxies` msf command, and as well with `proxychains ./msfconsole`. Same behavior with a different log,...
Yeah using `linux/x64/meterpreter/bind_tcp`. I feel there is something cheesy during the `recvfrom(size=mettle_size)` made by the stage1. About stage encoding I'm not sure it has something to do with the problem....
So after some debugging the problem is arising after the first `read(sockfd, *newmmaped_rwx_mem, 0x7e)` (0x7e is the size of the stage1 that will bootstrap Mettle via an `mmap` + `recvfrom`...
Yes for instance, or the open-source https://github.com/tarcisio-marinho/GonnaCry that could be "defused", but still valid to assess any detection logic on the defense side.
If I find some code that triggers ransomware detection logic on Linux falcon sensor, I will update here. For the moment it seems there is only event dedicated to ransomware...
As I mentioned previously, the original binary is getting a prevention with a generic alert. Additionally, a fresh build will not be prevented nor detected.
Naive attempt to fix the issue: ``` cpp diff --git a/examples/server/server.cpp b/examples/server/server.cpp index 7813a295..e9889594 100644 --- a/examples/server/server.cpp +++ b/examples/server/server.cpp @@ -969,6 +969,8 @@ struct server_context { (prompt->is_array() && prompt->size() ==...
> Support would be really nice to have because now there is the official llama 3.2 in 1b and 3b which should be suitable for 8/70b 3.1, at least according...