Skip to content

Instantly share code, notes, and snippets.

@shortstack

shortstack/Windows.Application.LimaCharlieInstall.yaml

Last active October 22, 2023 20:44
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save shortstack/47c53f2035dfa64a790208a928e339b0 to your computer and use it in GitHub Desktop.
Save shortstack/47c53f2035dfa64a790208a928e339b0 to your computer and use it in GitHub Desktop.
Download ZIP
Velociraptor artifact to deploy the LimaCharlie EDR sensor
Raw
Windows.Application.LimaCharlieInstall.yaml
name: Windows.Applications.LimaCharlieInstall
author: Whitney Champion (@shortxstack)
description: |
This artifact installs the LimaCharlie EDR sensor.
tools:
- name: LimaCharlieBinary
url: https://downloads.limacharlie.io/sensor/windows/64
serve_locally: true
precondition: SELECT OS From info() where OS = 'windows'
required_permissions:
- EXECVE
parameters:
- name: InstallationKey
default:
sources:
- query: |
LET bin <= SELECT * FROM Artifact.Generic.Utils.FetchBinary(
ToolName="LimaCharlieBinary")
SELECT * FROM execve(argv=[bin[0].FullPath, "-i", InstallationKey])
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment