Merge pull request Pennyw0rth#344 from n00py/main

Add EnumAV Detection for Cortex XDR

Author: NeffIsBack

nxc/modules/enum_av.py

@@ -247,6 +247,14 @@ def LsarLookupNames(self, dce, policyHandle, service):
             "services": [{"name": "CSFalconService", "description": "CrowdStrike Falcon Sensor Service"}],
             "pipes": [{"name": "CrowdStrike\\{*", "processes": ["CSFalconContainer.exe", "CSFalconService.exe"]}]
         },
+        {
+            "name": "Cortex",
+            "services": [
+                {"name": "xdrhealth", "description": "Cortex XDR Health Helper"},
+                {"name": "cyserver", "description": " Cortex XDR"}
+            ],
+            "pipes": []
+        },
         {
             "name": "Cybereason",
             "services": [