• @[email protected]
      link
      fedilink
      English
      54 months ago

      Yeah easily could be if someone looked.

      Generally it’s a safe assumption that your employer machine is fully compromised by them at ring-0 level, meaning they can see anything and everything from your browser history to your RAM, though the features of Crowdstrike specifically are fairly limited in that regard.

      Now whether it will trigger an alert by itself or not depends.

      Crowdstrike will often fire events for unrecognised scripts that match some heuristics, e.g. on Unix likes a lot of input redirects (pipe or >) or scripts over certain char length seemingly tend to be picked up.

      We often get false positives from various IDEs using long tool chains on a CLI under the hood when compiling programs on dev machines for instance. System shells (bash, ksh, zsh, powrshell, cmd.exe) tend to produce more false positives than e.g. something like Python, so I assume they have much more aggressive detection.

      In that case AHK is probably better as long as it’s possible to install.

      I wouldn’t worry too much about being caught. Most cybersec teams and IT are so stretched and we’re not narcs on average.

      Just keep in mind that if you do this you should be able to afford losing the job in extremely unlucky circumstances.