Is there a way to execute multiple abilities (using the powershell executor) with one spawned powershell.exe? #2929

Open
jgwak1 opened this issue Mar 24, 2024 · 3 comments

jgwak1 commented Mar 24, 2024

Hi,

When I execute the adversary profile with all abilities using PowerShell as the executor, the "splunkd.exe" process on the target machine first spawns two processes: a conhost.exe and a powershell.exe. This powershell.exe executes the "Indicator Removal on Host: Clear Command History" ability consistently.

After this, multiple powershell.exe processes are spawned, each corresponding to an ability from the adversary profile. Is there a way to run all the abilities sequentially with one spawned powershell.exe process, assuming successful execution on the target machine? Alternatively, should I consider creating a custom ability that integrates all the necessary commands and payloads of these individual abilities?

Thank you

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/

Guil33 commented Mar 25, 2024

I don't think what you're asking is possible, since that's how the code seems to do things. You should probably check this if you want to delve deeper.

Thus, if using the same powershell process is important to you, having a single ability should be the simpler solution, compared to changing the agent's code.

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days
