xct's notes
Static Analysis

Windows Defender

You can use DefenderCheck to split a binary into pieces and identify the parts that trigger a detection.
Another tool for this is Find-AVSignature (gist):
. .\Find-AVSignature.ps1;Find-AVSignature -StartByte 0 -EndByte max -Interval 10000 -Path C:\Users\xct\payload.exe -OutPath C:\Users\xct\out -Verbose -Force
Last modified 11mo ago