Post Attiu5ReEB4LgR66tM by [email protected] | |
Post #AttXIbURXO0oZNKT6e by [email protected] | |
0 likes, 0 repeats | |
Neat way to disable Windows Defender... Register a no-op AV product in the Windo… | |
Post #AttYhFDrZ2hKhat55E by [email protected] | |
0 likes, 0 repeats | |
@wdormann Can't you also disable Defender through Group Policy? | |
Post #AttZ7qDAfAx2wyFJRY by [email protected] | |
0 likes, 0 repeats | |
@jernej__s Yes. | |
Post #Attbv38XazAp8Rfkfo by [email protected] | |
0 likes, 1 repeats | |
@wdormann So, somebody finally figured it out. Why so complicated, though? C++, … | |
Post #Attiu5ReEB4LgR66tM by [email protected] | |
0 likes, 0 repeats | |
@wdormann in theory for persistence you only need a service, self-register and … | |
Post #Attm7q0aiTNPj0gsgi by [email protected] | |
0 likes, 1 repeats | |
@wdormann I assume this doesn’t work if Tamper Protection is enabled? | |
Post #AttxQHqD4bEKkppnpA by [email protected] | |
0 likes, 1 repeats | |
@deepthoughts10 No, Tamper Protection does nothing to stop this. | |
Post #Atu7K2JesgcQPOGcfQ by [email protected] | |
0 likes, 1 repeats | |
@wdormann ugh 😣 | |
Post #AtuHvjnhAWcpWsvtFg by [email protected] | |
0 likes, 0 repeats | |
@wdormann Thanks, you just gave me my next hunt idea | |
Post #Atuzk7ef37Es1JykAi by [email protected] | |
0 likes, 1 repeats | |
@GossiTheDog @deepthoughts10 TBH, I've never really fully grok'd what T… | |
Post #Atv6oomDMfS0b7hKc4 by [email protected] | |
0 likes, 0 repeats | |
@wdormann @GossiTheDog @deepthoughts10 Tamper Protection usually implements ant… | |
Post #AtxddmRdNcSaz2KtU0 by [email protected] | |
0 likes, 1 repeats | |
@wdormann @GossiTheDog in that demo, it doesn’t look like you are using a man… | |
Post #AtyPPc3Y0FIoVfNbjE by [email protected] | |
0 likes, 1 repeats | |
@deepthoughts10 @GossiTheDog Maybe? It's just a Windows 11 system that nor… | |
Post #AtzPyoyAB7QHqvbs8G by [email protected] | |
0 likes, 1 repeats | |
@wdormann @GossiTheDog understood. I’m just trying to figure out the risk pot… | |
Post #Au0Cww7dVcJvDAluWO by [email protected] | |
0 likes, 0 repeats | |
@deepthoughts10 @GossiTheDog I'm happy to test what you consider a managed … | |
Post #Au0CwwE17tQNWxl0T2 by [email protected] | |
0 likes, 0 repeats | |
@wdormann @GossiTheDog There are several ways to manage a system and deploy the… | |
Post #Au0CwwLSgDNZu3Ex4S by [email protected] | |
0 likes, 0 repeats | |
@wdormann @GossiTheDog I did see this caveat in that documentation which may be… | |
Post #Au0CwwSCHAlcEwOKZM by [email protected] | |
0 likes, 1 repeats | |
@wdormann @GossiTheDog but to get back to how you could test this? I've not… |