SentinelOne

2023-09-13 by Dray Agha (@purp1ew0lf)

EDRs 🤝 Malware

Encoded PowerShell

A legitimate PowerShell script associated with SentinelOne includes encoded PowerShell and AMSI bypass encoding, as well as strings for offensive security commands such as Invoke-Mimikatz. If another security solution, such as Defender, is also running, it may flag this legitimate SentinelOne PowerShell activity as malicious.
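To triage an alert like this, an analyst first decodes the `-EncodedCommand` argument and checks what the script actually contains before deciding whether the hit is the vendor's own tooling. The following is an added example for that triage step, not SentinelOne's script or any vendor code; the command line and indicator list are constructed for illustration, and a real investigation would also confirm the script's path and signer against the vendor's documentation.

```python
import base64
import binascii
import re
from typing import Optional

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
# so match every prefix, longest first. The value is base64 of UTF-16LE text.
_FULL = "encodedcommand"
_PREFIXES = "|".join(_FULL[:n] for n in range(len(_FULL), 0, -1))
_ENC_SWITCH = re.compile(rf"[-/](?:{_PREFIXES})\s+[\"']?([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Constructed indicator list: strings the page names as the reason for the false positive.
INDICATORS = ("Invoke-Mimikatz", "amsi")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded script text, or None if there is no valid encoded command."""
    m = _ENC_SWITCH.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
        return raw.decode("utf-16-le")  # odd byte length or bad surrogates raise here
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def triage(cmdline: str, indicators=INDICATORS) -> dict:
    """Decode the command line and report which indicator strings the script contains."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return {"encoded": False, "script": None, "hits": []}
    lowered = script.lower()
    hits = [i for i in indicators if i.lower() in lowered]
    return {"encoded": True, "script": script, "hits": hits}


def encode_for_powershell(script: str) -> str:
    """Build an -EncodedCommand value the same way PowerShell expects it (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed, inert sample: the script only echoes a string that happens to match an indicator.
SAMPLE_SCRIPT = "$name = 'Invoke-Mimikatz'; Write-Output $name"
SAMPLE_CMDLINE = "powershell.exe -NoProfile -EncodedCommand " + encode_for_powershell(SAMPLE_SCRIPT)

if __name__ == "__main__":
    print(triage(SAMPLE_CMDLINE))
```

A hit on an indicator string alone does not make the process malicious; it tells the analyst which part of the decoded script to compare against the vendor's documented behaviour.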

Documentation