Defender
Microsoft Defender
Download stager without triggering Defender to scan it:
Coerce the victim machine to reach the attacker (to steal Net-NTLM):
Exclusions
Add path to exclusions:
Test path for an exclusion:
Disable Defender
gpedit.msc > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-time Protection > Turn off real-time protection > Enabled ✔
gpedit.msc > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Turn off Microsoft Defender Antivirus > Enabled ✔
Disable real-time protection (proactive):
Disable scanning all downloaded files and attachments, disable AMSI (reactive):
Remove signatures (if Internet connection is present, they will be downloaded again):
Clear threats history manually:
Lower Token Integrity
Last updated