예제 #1
0
        public void ShouldDetectAmsiBypass()
        {
            Runspace.DefaultRunspace = RunspaceFactory.CreateRunspace();
            Runspace.DefaultRunspace.Open();

            var amsiBypass = new AmsiBypass();

            Assert.True(amsiBypass.Analyze(new ScriptContext
            {
                Script = Resource1.AmsiBypass
            }, null));
        }
예제 #2
0
        public void ShouldNotThrowNull()
        {
            Runspace.DefaultRunspace = RunspaceFactory.CreateRunspace();
            Runspace.DefaultRunspace.Open();

            var amsiBypass = new AmsiBypass();

            Assert.False(amsiBypass.Analyze(new ScriptContext
            {
                Script = "Invoke-Mimikatz"
            }, null));
        }