an0n on Twitter: "detecting EDR services remotely without admin privs. indicators: - installed services: [MS-LSAT] LsarLookupNames() - running processes: named pipes (there are some characteristic to EDRs) needs some more testing and cleanup before release, but looks like promising. https://t.co/2U7dFUDzFV" / Twitter
https://twitter.com/an0n_r0/status/1619145879591735297