SentinelOne
Contributed By: Dray Agha (@purp1ew0lf)
A legitimate PowerShell script associated with SentinelOne includes encoded PowerShell, AMSI bypass encoding, and strings for offensive security commands such as Invoke-Mimikatz. If you are running another security solution, such as Defender, it may flag this legitimate SentinelOne PowerShell activity as malicious.
![](https://user-images.githubusercontent.com/44196051/175350006-80b3e74b-1626-4b51-8ec2-e0fc8ada5ed1.png)