When I execute the adversary profile with all abilities using PowerShell as the executor, the "splunkd.exe" process on the target machine first spawns two processes: a conhost.exe and a powershell.exe. This powershell.exe executes the "Indicator Removal on Host: Clear Command History" ability consistently.
After this, multiple powershell.exe processes are spawned, each corresponding to an ability from the adversary profile. Is there a way to run all the abilities sequentially with one spawned powershell.exe process, assuming successful execution on the target machine? Alternatively, should I consider creating a custom ability that integrates all the necessary commands and payloads of these individual abilities?
Thank you
Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/
I don't think what you're asking is possible, since that's how the code seems to do things. You should probably check this if you want to delve deeper.
Thus, if using the same powershell process is important to you, having a single ability should be the simpler solution, compared to changing the agent's code.