Engin Demirbilek
Bypassing Defender with Exclusion List

Objective

Add your malware to Defender's exclusion list so it won't be scanned in the future.

Requirements

This action requires administrator privileges, and you must be able to run PowerShell.

Idea

Gain physical access to the computer and/or send a dropper that is able to elevate its privileges and then drop the real malware.

Scenario / Action

  • Send a dropper via spear phishing.

  • Elevate privileges via UAC bypass or other exploits.

  • Create a folder on the victim's computer.

  • Add the created folder to Windows Defender's exclusion list.

  • Drop the real malware into the created folder.

  • Execute the malware.

PowerShell Command

 Add-MpPreference -ExclusionPath "Path of folder or file"
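
For detection, the change this command makes can be audited on the host. The script below is an added example, not code from the original page: it lists the configured path exclusions with Get-MpPreference and pulls the Defender event ID 5007 (configuration changed) entries that mention the exclusion keys. The $userWritable list is an assumption and should be adjusted per environment.

```powershell
#Requires -RunAsAdministrator
# Added example: audit Defender path exclusions and the events that record changes to them.

# Assumption: locations a standard user can usually write to; tune this list for your estate.
$userWritable = @(
    "$env:PUBLIC", "$env:ProgramData", "$env:SystemRoot\Temp", "$env:SystemDrive\Users"
)

# 1. Current path exclusions as Defender reports them.
$current = @((Get-MpPreference).ExclusionPath | Where-Object { $_ })
$report = foreach ($path in $current) {
    $risky = $false
    foreach ($root in $userWritable) {
        if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            $risky = $true
        }
    }
    # An exclusion under a user-writable root deserves a closer look.
    [pscustomobject]@{ Path = $path; UserWritable = $risky }
}
$report | Sort-Object UserWritable -Descending | Format-Table -AutoSize

# 2. Event ID 5007 entries whose message references the exclusion registry keys.
$filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007 }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Windows Defender\\Exclusions\\' } |
    Select-Object TimeCreated, @{ Name = 'Change'; Expression = {
        # Keep only the message lines that name an exclusion value.
        ($_.Message -split "`r?`n" | Where-Object { $_ -match 'Exclusions\\' }) -join ' | '
    } } |
    Format-List
```

Forwarding event ID 5007 to a central log store keeps the record available even if the local log is later cleared.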

References

Last updated 3 years ago

Microsoft, Add-MpPreference, https://docs.microsoft.com/en-us/powershell/module/defender/add-mppreference?view=windowsserver2019-ps
Windows Defenders Exclusion List