infosecn1nja
/
atomic-red-team
mirror of https://github.com/infosecn1nja/atomic-red-team.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create Disabling_Security_Tools.md

patch-5
rahmatnurfauzi 2018-02-25 17:01:31 +07:00 committed by GitHub
parent 797ee54f1a
commit 82f4f6078b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
Windows/Defense_Evasion/Disabling_Security_Tools.md Normal file
View File

@ -0,0 +1,28 @@
# Disabling Security Tools
MITRE ATT&CK Technique: [T1089](https://attack.mitre.org/wiki/Technique/T1089)
## Terminate Anti-Virus Processes
`Taskkill /F /IM avprocess.exe`
## Disable Firewall
`netsh firewall set opmode disable`
## Stop Windows Security Center
`net stop wscsvc`
## Stop Windows Defender
### Windows 7/8
`net stop windefend`
### Windows 10
`PS > Set-MpPreference -DisableRealtimeMonitoring $true`
## Disable Default Web Site Logging IIS 7
### Disable Default Web Site Logging IIS 7
`%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/httpLogging /dontLog:"True" /commit:apphost`
### Restart Default Web Site IIS 7
`%windir%\system32\inetsrv\appcmd.exe stop site /site.name:"Default Web Site" && %windir%\system32\inetsrv\appcmd.exe start site /site.name:"Default Web Site"`