OperatorsKit/KIT/EnumExclusions/enumexclusions.cna

# author REDMED-X

beacon_command_register(
	"enumexclusions", "Check the AV for excluded files, folders, extentions and processes.",
	"INFO:\nCheck the AV for excluded files, folders, extentions and processes. Currently only Windows Defender exclusions are supported.\n\n" .
	"USAGE:\nenumexclusions\n\n");
	
alias enumexclusions {
    $bid = $1;
	
    # Read in the right BOF file
    $handle = openf(script_resource("enumexclusions.o"));
    $data   = readb($handle, -1);
    closef($handle);

    # Pack our arguments
    $arg_data  = bof_pack($bid);

    blog($bid, "Tasked to enumerate exclusions..");
    beacon_inline_execute($bid, $data, "go", $arg_data);
}