jesko
One way to avoid any magic would be that PowerShell inspects a list of exceptions that the user can configure themselves. It could be as simple as a JSON file...
Alright. Still not sure how to handle this in the most graceful manner. I can fix [`is_powershell_process`](https://github.com/binref/refinery/commit/fcc36d8aa9bebf779a07d7363359fa01dc3a684b#diff-6d8f2d361bbfb7e59c1fd88966b864ed7a7e22b014403db1a37352ad6ce3a5ceR62) to include a check for `pwsh.exe`, but what I would like best would...
I finally sat down to do some of this. I have a question: Would you agree to having the test samples I have procured added to the repository using git-lfs?...
PS: Since they are potential malware samples, I would store them in a quarantine format (XOR-encrypted with a fixed key and compressed).
I understand. Unfortunately, it is beyond my understanding of the ISO format to do this, and on my fork I still have 8 samples where I don't even have any...
I have only attempted to run it programmatically; this is also my use case.
I also have this problem. To explain the requirement more: Sometimes, I have console tasks that take a long time to process, and I prefer to have them running in...
I have quite the commodity sample here that does what I describe. The file with the following SHA-256 hash is an AgentTesla sample available from VT: ``` b3b7376c5046be978b5558e91a515c1bf57c13a1151d225745c2bdc3183e0a8f ``` If...
`vstack` unit fails to execute on binref installations with Python 3.12 due to failed Unicorn import
Ok so ... "bad" news: I [cannot reproduce this in the CICD tests](https://github.com/binref/refinery/actions/runs/7044665033). And even though the coverage for `vstack` isn't great, [I am covering that import](https://app.codecov.io/gh/binref/refinery/blob/master/refinery%2Funits%2Fformats%2Fexe%2Fvstack.py?branch=master#L72). I am wondering...
`vstack` unit fails to execute on binref installations with Python 3.12 due to failed Unicorn import
Oddly enough, on a vanilla Python 3.12 install in Windows, importing `distutils` just works, there is no hint of deprecation: ``` Python 3.12.0 (tags/v3.12.0:0fb18b0, Oct 2 2023, 13:03:39) [MSC v.1935...