So lately I've been trying to make a PowerShell script which will give me a reverse shell in my own environment, and the reverse shell script works fine except for a tiny problem, which is when you try to launch it. Since I'm trying to create a reverse shell on a Windows machine, and the machine has Windows Defender on (with real-time protection on), when you launch it, Defender detects it and cancels it.
So now I've been trying to find a way to turn off real-time monitoring, and I actually found a way which should let you turn it off:
Set-MpPreference -DisableRealtimeMonitoring $true
(You should also be able to use -drtm instead of -DisableRealtimeMonitoring, and you can also use 1 instead of $true if I'm right, but please correct me if not.)
Long story short, it doesn't work even if you launch PS with administrator permissions, and real-time monitoring can only be turned off from the GUI.
Users who have a better understanding of this topic, could you explain to me what the issue is here, or confirm that it was maybe just disabled so it makes it harder for hackers to compromise a system? Any help will be appreciated!
from hacking: security in practice https://ift.tt/2ZnElu2
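The following is an added example, not code from the original post. It runs the Set-MpPreference command from the post and then reads the Defender state back with Get-MpComputerStatus and Get-MpPreference, so that the outcome is verified instead of assumed from the absence of an error. It assumes an elevated PowerShell session on a Windows host with the Defender module present; the IsTamperProtected property is only populated on builds that ship Tamper Protection, and when that feature is on it blocks this setting from being changed through PowerShell.

```powershell
# Added example (not from the original post). Assumes an elevated PowerShell
# session on a Windows host where the Defender module (Get-MpComputerStatus,
# Get-MpPreference, Set-MpPreference) is available.

function Get-RtpState {
    # Snapshot of the three values that matter for this question:
    # the effective real-time protection state, the preference value the
    # post tries to set, and whether Tamper Protection guards that preference.
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    [pscustomobject]@{
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        DisableRealtimeMonitoring = $pref.DisableRealtimeMonitoring
        IsTamperProtected         = $status.IsTamperProtected
    }
}

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (Run as administrator) PowerShell session."
}

Write-Host "Before:"
Get-RtpState | Format-List

# The command from the post. When Tamper Protection is on, the call may complete
# without an error while the setting is left unchanged, so the state is read back.
Set-MpPreference -DisableRealtimeMonitoring $true

Start-Sleep -Seconds 2
$after = Get-RtpState
Write-Host "After:"
$after | Format-List

if ($after.RealTimeProtectionEnabled) {
    if ($after.IsTamperProtected) {
        Write-Warning "Real-time protection is still on: Tamper Protection is enabled and blocks this change from PowerShell (it has to be turned off in the Windows Security GUI or by the managing policy first)."
    } else {
        Write-Warning "Real-time protection is still on; check whether the setting is enforced by Group Policy or MDM."
    }
} else {
    Write-Host "Real-time protection is now off (remember to turn it back on with Set-MpPreference -DisableRealtimeMonitoring `$false)."
}
```

Reading the state back is the part worth keeping: on a host where the command "does nothing", the IsTamperProtected field in the after snapshot tells you whether Tamper Protection, rather than a permissions problem, is what stopped the change.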