Wietze

Results 36 comments of Wietze

This would be expected behaviour though I suppose?

> `msinfo32.exe` > System Information - display details about hardware configuration, computer components, software and drivers. https://ss64.com/nt/msinfo32.html

The specific command bypasses the GUI,...

If we decide to adopt this, we have a couple of options:

1. File in repo, either:
   - Updated manually
   - Updated automatically via GitHub Actions
2. Rendered file on...

Just saw your tweet, cool stuff. Will do my best to review this PR soon, it's a big one!

Added 'tamper' and 'conceal' in LOLBAS-Project/LOLBAS-Project.github.io@d9405c164630633bbbe7332bb75e5595d8f8d2c0. A category for uninstalling security software seems to be in line with 'Tamper'? Closing this issue for now, feel free to reopen.

Thanks @oppiman, well spotted, you're right in both cases. Both issues were also identified in another pull request (#186) and have been fixed accordingly ([cl_loadassembly.ps1](https://github.com/LOLBAS-Project/LOLBAS/pull/186/files#diff-0eef12f167583ee7217d7c6601eaa118f49569f1fa006819fc51bb27ea7eee3c), [utilityfunctions.ps1](https://github.com/LOLBAS-Project/LOLBAS/pull/186/files#diff-ceb0d882aba26d4b14404ffa4184cc92a5344d3c5881b7e54bdc8a7d226a831f)). Hopefully this pull request...

The following repo seems to contain official Azure Sentinel rules that may apply to the entries in this project: https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries/SecurityEvent

FWIW, msdt has been [tagged](https://lolbas-project.github.io/lolbas/Binaries/Msdt/) as a GUI-based LOLBAS now.

I agree that although this utility certainly could be of use to an attacker, the functionality appears to be intended, and as such this project is not the right fit...

Thanks for your additions @mrd0x , much appreciated.

> My recommendation would be to change this up to an ADS ability and proceed if others agree to merge.

Sounds good @xenoscr, I agree with your assessment.