More Defender removal code

Chris Long
2020-05-07 14:07:21 -07:00
committed by GitHub
parent 7c2006b704
commit 614f3148e3


@@ -2,7 +2,7 @@
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Red Team Tooling..."
# Windows Defender should be disabled already by O&O ShutUp10
# Windows Defender should be disabled already by O&O ShutUp10 and the GPO
If ($hostname -eq "win10") {
# Adding Defender exclusions just in case
Set-MpPreference -ExclusionPath "C:\Tools"
@@ -10,6 +10,17 @@ If ($hostname -eq "win10") {
Add-MpPreference -DisableRealtimeMonitoring $true
}
# Windows Defender should be disabled already by the GPO, sometimes it doesnt work
If ($hostname -ne "win10") {
# Adding Defender exclusions just in case
Set-MpPreference -ExclusionPath "C:\Tools"
Add-MpPreference -ExclusionPath "C:\Users\vagrant\AppData\Local\Temp"
Add-MpPreference -DisableRealtimeMonitoring $true
# Uninstalling Windows Defender (https://github.com/StefanScherer/packer-windows/issues/201)
Uninstall-WindowsFeature Windows-Defender
Uninstall-WindowsFeature Windows-Defender-Features
}
# Purpose: Downloads and unzips a copy of the latest Mimikatz trunk
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Mimikatz..."
# GitHub requires TLS 1.2 as of 2/27
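Review bot: In the new `If ($hostname -ne "win10")` block, `Add-MpPreference -DisableRealtimeMonitoring $true` is copied from the win10 branch, but `-DisableRealtimeMonitoring` is a `Set-MpPreference` parameter, so this line most likely stops with a parameter-binding error and changes nothing; it should read `Set-MpPreference -DisableRealtimeMonitoring $true` (the same applies to the existing line just above the block). The guard also matches every machine whose name is not win10, so the feature removal runs wherever this script is invoked; an allow-list such as `If ($hostname -in @("<lab-server-1>", "<lab-server-2>"))` keeps it confined to the intended lab hosts. Neither `Uninstall-WindowsFeature` call checks its result, and the removal presumably only completes after a reboot, so I would capture the returned object and log its `Success` and `RestartNeeded` values before the Mimikatz download starts.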