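Xiaodi Pentest Bar (小迪渗透吧): the most professional training in penetration testing, web security, network security, code auditing, security services, CTF competitions, SRC platform bug hunting, and red/blue team exercises!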

Defeat-Defender: an antivirus-evasion project

2021-06-02 · Red/Blue Team


https://github.com/swagkarna/Defeat-Defender

Bypassing Windows Defender techniques:

Windows recently introduced a new feature called "Tamper Protection", which prevents disabling real-time protection and modifying Defender registry keys using PowerShell or cmd. If you need to disable real-time protection, you have to do it manually. But we will disable real-time protection using NSudo without triggering Windows Defender.

After it gets admin permission, it will disable Defender:

  1. PUAProtection

  2. Automatic Sample Submission

  3. Windows Firewall

  4. Windows SmartScreen (permanently)

  5. Disable Quickscan

  6. Add exe file to exclusions in defender settings

  7. Disable Ransomware Protection
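
A defender can check the state of the settings listed above with a read-only audit. This is an added example, not code from the Defeat-Defender project; it assumes an elevated PowerShell session on Windows 10/11 with the built-in Defender and NetSecurity modules, and the `Add-Finding` helper and the "healthy" baseline values are this example's own choices.

```powershell
# Added example: read-only audit of the Defender settings named in the list above.
# Assumption: elevated session (exclusions are hidden from non-admin users).
$pref     = Get-MpPreference
$status   = Get-MpComputerStatus
$findings = [System.Collections.Generic.List[object]]::new()

# Hypothetical helper for this example: records one setting and whether it matches the baseline.
function Add-Finding([string]$Setting, $Value, [bool]$Healthy) {
    $findings.Add([pscustomobject]@{ Setting = $Setting; Value = $Value; Healthy = $Healthy })
}

# Tamper Protection and real-time protection state
Add-Finding 'Tamper Protection'    $status.IsTamperProtected         ([bool]$status.IsTamperProtected)
Add-Finding 'Real-time protection' $status.RealTimeProtectionEnabled ([bool]$status.RealTimeProtectionEnabled)

# PUAProtection: 0 = off, 1 = block, 2 = audit
Add-Finding 'PUAProtection' $pref.PUAProtection ($pref.PUAProtection -eq 1)

# SubmitSamplesConsent: 0 = always prompt, 1 = send safe samples, 2 = never send, 3 = send all
Add-Finding 'Automatic sample submission' $pref.SubmitSamplesConsent ($pref.SubmitSamplesConsent -in 1, 3)

# Ransomware protection = controlled folder access: 0 = off, 1 = on, 2 = audit.
# Assumption: the baseline expects it on (it is off by default on a fresh install).
Add-Finding 'Controlled folder access' $pref.EnableControlledFolderAccess ($pref.EnableControlledFolderAccess -eq 1)

# Windows Firewall: every profile (Domain, Private, Public) should be enabled
foreach ($p in Get-NetFirewallProfile) {
    Add-Finding "Firewall profile: $($p.Name)" "$($p.Enabled)" ("$($p.Enabled)" -eq 'True')
}

# SmartScreen: Explorer setting and group-policy override (a missing value is reported as not disabled)
$explorer = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' -ErrorAction SilentlyContinue
$policy   = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -ErrorAction SilentlyContinue
Add-Finding 'SmartScreen (Explorer)' $explorer.SmartScreenEnabled ($explorer.SmartScreenEnabled -ne 'Off')
Add-Finding 'SmartScreen (policy)'   $policy.EnableSmartScreen    ($policy.EnableSmartScreen -ne 0)

# Exclusions: list every entry so each one can be reviewed against what the organisation approved
foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($entry in @($pref.$kind | Where-Object { $_ })) {
        Add-Finding "Exclusion ($kind)" $entry $false
    }
}

# Unhealthy rows sort first
$findings | Sort-Object Healthy | Format-Table -AutoSize -Wrap
```

Exclusion entries are always flagged because the script cannot know which ones are approved; compare them against your own allow-list.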
