StopDefender
所属分类:collect
开发工具:C++
文件大小:0KB
下载次数:0
上传日期:2022-11-04 19:22:32
上 传 者:
sh-1993
说明: 以编程方式停止Windows Defender,
(Stop Windows Defender programmatically,)
文件列表:
Img/ (0, 2022-11-04)
Img/TI2.png (58484, 2022-11-04)
Img/TIexec2.png (91001, 2022-11-04)
LICENSE (1065, 2022-11-04)
Presentations/ (0, 2022-11-04)
Presentations/[Rootedcon Valencia 2022] Kill -9 Windows Defender.pdf (2647615, 2022-11-04)
StopDefender.sln (1290, 2022-11-04)
StopDefender/ (0, 2022-11-04)
StopDefender/StopDefender.cpp (9429, 2022-11-04)
StopDefender/StopDefender.filters (1380, 2022-11-04)
StopDefender/StopDefender.vcxproj (8142, 2022-11-04)
StopDefender/StopDefender.vcxproj.filters (468, 2022-11-04)
StopDefender/ntdll.h (1286, 2022-11-04)
StopDefender/stdafx.cpp (318, 2022-11-04)
StopDefender/stdafx.h (354, 2022-11-04)
StopDefender/targetver.h (316, 2022-11-04)
StopDefender/util.cpp (2720, 2022-11-04)
StopDefender/util.h (697, 2022-11-04)
# StopDefender
Stop Windows Defender programmatically creating a new token using TrustedInstaller and Windefend service accounts.
One button stop action, no need for supply commandline options nor pid. Usefull for integration with Post Explotation frameworks.
# Blogpost
https://www.securityartwork.es/2021/09/27/trustedinstaller-parando-windows-defender/
# Presentations
Check Presentations folder
* [Rootedcon Valencia 2022] Kill -9 Windows Defender
# Credits
* https://github.com/slyd0g/PrimaryTokenTheft
* https://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b
* https://www.tiraniddo.dev/2017/08/the-art-of-becoming-trustedinstaller.html
* https://docs.microsoft.com/en-us/windows/win32/com/impersonation-levels
* https://halove23.blogspot.com/2021/08/executing-code-in-context-of-trusted.html
* https://docs.microsoft.com/es-es/windows/win32/api/winsvc/ns-winsvc-service_sid_info?redirectedfrom=MSDN
* https://www.alex-ionescu.com/?paged=2&cat=2
* https://github.com/rbmm/DisableSvc
近期下载者:
相关文件:
收藏者: