Despite the Rubeus binary being packed using, for example, NimSyscallPacker or NimCrypt 2, and AMSI manually patched on top of that, Defender still detects Rubeus when using the `s4u` command. Other commands such as `monitor` work fine. I guess this is due to `s4u` using Kekeo code. Any way around this without disabling Defender?
Thanks!