WTFBins

  • SentinelOne


    Contributed By: Dray Agha (@purp1ew0lf)

    A legitimate PowerShell script associated with SentinelOne includes encoded PowerShell, AMSI bypass encoding, and strings for offensive security commands such as Invoke-Mimikatz. If another security solution, such as Defender, is running alongside it, that solution may flag this legitimate SentinelOne PowerShell activity as malicious.