Andrew LeFevre
> Sometimes malware will decode data in global variables. If we blindly drop decoded strings that came from the .data section, we'd miss some strings. That makes sense, but that...
For example, here is the result of running my test snip with this modification, running against the lab 13 binaries: ``` for dec_str in decoded_strings: in_section = False for segstart,...
If it helps, output of running floss against all the lab binaries, while checking if the decoded strings matched static strings and if they were found in a PE section:...
No problem! What I've gathered from running that script is that any decoded string that matches a static string, whether found in a PE section or not, is not a...
Yeah think I messed up fixing merge conflicts
I don't think so, Teleport 7 isn't supported now that 10 is out, and this was backported to 8 and 9 so I think it's safe to close this.
@jakule gotcha, I was initially using a PR that added port forwarding to guide what code I should change, didn't exactly understand what the extensions were for. I'll remove that.
> @capnspacehook Haven't looked in detail yet, but one comment from the product team is that we should have an option in the RBAC to disable SFTP. Maybe an option...
I made some changes to how `tsh` will be changed after talking with @r0mant; I'd appreciate another review.
Also just thought of this, should the SCP event be modified to add a field specifying what protocol was used? And should an event be added when a file copy...