Microsoft Windows Defender Bypass (Research)

GMER

  • http://www.gmer.net/

Fancy Defender evasion? RegLoadKey/RegUnloadKey or NtLoadKey/NtUnloadKey

1. Export CurrentControlSet to a file
2. Edit the path in that file
3. Import the file as a new ControlSet
4. Change the "Select" values to point at the new ControlSet
5. Reboot

https://www.linkedin.com/posts/grzegorztworek_fancy-defender-evasion-yet-another-method-ugcPost-7090917993022443520-YXY9?utm_source=share&utm_medium=member_desktop
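A defensive check for the procedure above, added here as example code (it is not from Tworek's post and not a Microsoft tool). It reads HKLM\SYSTEM\Select and every ControlSet00N key, reports a Default that is not the running Current set (what step 4 leaves behind before the reboot), flags control sets that no Select value references, and compares the Defender service and driver entries of every other control set against the running one. The Defender service names are the real ones; which conditions it chooses to report is this script's own assumption.

```powershell
# Added example (not code from Tworek's post or from Microsoft): a read-only
# audit of HKLM\SYSTEM for a staged ControlSet of the kind the five steps above
# would leave behind. Run it from an elevated prompt so every ControlSet00N
# Services key is readable. The service/driver names are Defender's real ones;
# what this script treats as worth reporting is its own assumption.

$DefenderServices = @('WinDefend', 'WdNisSvc', 'WdFilter', 'WdBoot', 'WdNisDrv')

function Get-ControlSetAudit {
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # HKLM\SYSTEM\Select decides which ControlSet00N becomes CurrentControlSet at boot.
    $select      = Get-ItemProperty -Path 'HKLM:\SYSTEM\Select'
    $current     = [int]$select.Current
    $default     = [int]$select.Default
    $currentName = 'ControlSet{0:D3}' -f $current
    $findings.Add(('Select: Current={0} Default={1} LastKnownGood={2} Failed={3}' -f $select.Current, $select.Default, $select.LastKnownGood, $select.Failed))

    # Control set numbers that Select points at (0 means "none").
    $referenced = @{}
    foreach ($field in 'Current', 'Default', 'LastKnownGood', 'Failed') {
        $n = [int]$select.$field
        if ($n -ne 0) { $referenced[$n] = $field }
    }

    # A control set that takes over at next boot but is not the one running now
    # is exactly what step 4 above produces.
    if ($default -ne 0 -and $default -ne $current) {
        $findings.Add(('Select\Default = {0} but the running control set is {1}; ControlSet{0:D3} becomes current at next boot' -f $default, $current))
    }

    # Enumerate the real ControlSet00N keys; CurrentControlSet is only a link to one of them.
    $controlSets = Get-ChildItem -Path 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }

    foreach ($cs in $controlSets) {
        $name  = $cs.PSChildName
        $index = [int]($name -replace '^ControlSet', '')

        if (-not $referenced.ContainsKey($index)) {
            $findings.Add("$name is not referenced by any Select value (stale, or staged and not yet selected)")
        }
        if ($index -eq $current) { continue }

        # Compare the Defender service entries in this control set with the running one.
        foreach ($svc in $DefenderServices) {
            $here = Get-ItemProperty -Path "HKLM:\SYSTEM\$name\Services\$svc" -ErrorAction SilentlyContinue
            $live = Get-ItemProperty -Path "HKLM:\SYSTEM\$currentName\Services\$svc" -ErrorAction SilentlyContinue
            if ($null -eq $here) {
                $findings.Add("$name\Services\$svc does not exist (present in $currentName`: $($null -ne $live))")
                continue
            }
            if ($null -eq $live) { continue }
            foreach ($prop in 'ImagePath', 'Start') {
                if ("$($here.$prop)" -ne "$($live.$prop)") {
                    $findings.Add("$name\Services\$svc\$prop = '$($here.$prop)' differs from $currentName ('$($live.$prop)')")
                }
            }
        }
    }
    return $findings
}

Get-ControlSetAudit | ForEach-Object { Write-Output $_ }
```

A difference between the running control set and an older one is not proof of anything on its own; the combination worth escalating is a Select\Default that is not the running set together with Defender entries in that set whose ImagePath or Start differ from the live ones. The script only reads the registry, so it can be scheduled or run from an EDR live-response session without side effects.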

CrowdStrike Bypass

  • https://www.horangi.com/blog/bypassing-crowdstrike-falcon
  • https://www.sans.org/blog/cracked-brute-ratel-c4-framework-proliferates-across-the-cybercriminal-underground/
  • https://www.bleepingcomputer.com/news/security/alleged-source-code-of-cobalt-strike-toolkit-shared-online/
  • https://go.recordedfuture.com/hubfs/reports/cta-2022-0118.pdf
  • https://twitter.com/NinjaParanoid
  • https://bruteratel.com/tabs/features/

Red Team Tools

  • Sliver – https://github.com/BishopFox/sliver
  • Mythic – https://github.com/its-a-feature/Mythic
  • Covenant – https://github.com/cobbr/Covenant

Reference

  • http://www.detectx.com.au/bypass-av-edr-remoting/
  • http://www.detectx.com.au/bypassing-av/
  • https://securitytrails.com/blog/red-team-tools
  • https://cybersecuritynews.com/red-team-tools/
  • https://github.com/A-poc/RedTeam-Tools
  • https://www.pluralsight.com/paths/red-team-tools
  • https://bishopfox.com/blog/9-red-team-tools
  • https://www.techtarget.com/searchsecurity/tip/5-open-source-offensive-security-tools-for-red-teaming