trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

More Defender removal code

Browse Source
This commit is contained in:
Chris Long
2020-05-07 14:07:21 -07:00
committed by GitHub
parent 7c2006b704
commit 614f3148e3
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
Vagrant/scripts/install-redteam.ps1
View File

@@ -2,7 +2,7 @@
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Red Team Tooling..." Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Red Team Tooling..."
# Windows Defender should be disabled already by O&O ShutUp10 # Windows Defender should be disabled already by O&O ShutUp10 and the GPO
If ($hostname -eq "win10") { If ($hostname -eq "win10") {
# Adding Defender exclusions just in case # Adding Defender exclusions just in case
Set-MpPreference -ExclusionPath "C:\Tools" Set-MpPreference -ExclusionPath "C:\Tools"
@@ -10,6 +10,17 @@ If ($hostname -eq "win10") {
Add-MpPreference -DisableRealtimeMonitoring $true Add-MpPreference -DisableRealtimeMonitoring $true
} }
# Windows Defender should be disabled already by the GPO, sometimes it doesnt work
If ($hostname -ne "win10") {
# Adding Defender exclusions just in case
Set-MpPreference -ExclusionPath "C:\Tools"
Add-MpPreference -ExclusionPath "C:\Users\vagrant\AppData\Local\Temp"
Add-MpPreference -DisableRealtimeMonitoring $true
# Uninstalling Windows Defender (https://github.com/StefanScherer/packer-windows/issues/201)
Uninstall-WindowsFeature Windows-Defender
Uninstall-WindowsFeature Windows-Defender-Features
}
# Purpose: Downloads and unzips a copy of the latest Mimikatz trunk # Purpose: Downloads and unzips a copy of the latest Mimikatz trunk
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Mimikatz..." Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Mimikatz..."
# GitHub requires TLS 1.2 as of 2/27 # GitHub requires TLS 1.2 as of 2/27