Jump to content

Recommended Posts

Posted

Hello guys,

I've got a question considering antivirusses blocking rubber ducky payloads.

I see all these .exe payloads like chromepass.exe and wirelesskeyview.exe being used in rubber duckies.
Doesn't the antivirus of the attacked PC block the .exe programs when they start running from cmd? Or will it just work normally?

If that is the case, this script can disable Windows Defender easily.
Most PCs dont have windows defender as the only protection tho, so it is needed to disable other antivirusses, right?

Most antivirusses can be shut off with the taskkill command, i tried killing my MalwareBytes and it worked: (remove " ")

taskkill /f /im "Insert antivirusprogram name here.exe"


Can someone help me out with this? I want to know if im just being dumb here, since all of this might not be needed.

Thanks in advance

  • 2 weeks later...
Posted

Try it in VM by having MalwareBytes open and run some known malware (make sure it gets detected) then run the command and run it again and see if its picked up?! However if windows defender is on not sure you can disable it with that command (try it) :D   

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...