Infosec, Offensive Security, 3D Printing

Oh cool, somebody finally figured it out...

As you probably know, the Microsoft Security Center has an API that lets you query which AV is installed and whether it is up-to-date.

What is less well known is that it also has another, not publicly documented API that lets you tell it "I'm installing another AV now, please disable Defender". This is what all other AV products use. Microsoft has provided them with documentation of this API, but under NDA.

Many years ago, I made a proof-of-concept - a small VBScript script that would use this API via WMI to "install" an imaginary AV, thus turning off Defender - but since it was based on information learned under NDA, I obviously couldn't make it public.

Now somebody has reverse-engineered the API from AVAST and has done pretty much the same (albeit a bit overcomplicated) in C++:

https://github.com/es3n1n/no-defender

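The flip side of the post above is the check a defender wants: if anything can register itself with Windows Security Center as an "antivirus" and thereby switch Defender off, you should be able to see what is currently registered. The following PowerShell is an added example, not the poster's VBScript and not code from the no-defender project. It uses only the publicly queryable side of the API (the root/SecurityCenter2 WMI/CIM namespace, which exists on client SKUs but not on Windows Server), lists every registered AV product, and checks whether each product's registered executable actually exists on disk and carries a valid Authenticode signature. The productState bit decoding follows the widely used convention rather than an official specification, so treat it as an assumption.

```powershell
# Added example: enumerate AV products registered with Windows Security Center
# and sanity-check each registration. Not from the original post or from
# es3n1n/no-defender. Requires a Windows client SKU (root/SecurityCenter2 is
# absent on Windows Server).

function Get-RegisteredAntivirus {
    [CmdletBinding()]
    param()

    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct'

    foreach ($p in $products) {
        $state = [uint32]$p.productState

        # Assumption: the commonly used (not officially documented) layout of
        # productState, e.g. 0x061100 = Defender enabled and up to date,
        # 0x060100 = Defender disabled. Bit 0x1000 = real-time protection on,
        # bit 0x10 = signatures out of date.
        $enabled  = ($state -band 0x1000) -ne 0
        $outdated = ($state -band 0x10) -ne 0

        # A real AV registers a real, signed binary. Newer builds register
        # Defender with a URI ("windowsdefender://") rather than a file path,
        # so distinguish "not a file path" from "file is missing".
        $exe = [string]$p.pathToSignedProductExe
        if (-not $exe) {
            $exeCheck = 'NoPath'
        } elseif (-not [System.IO.Path]::IsPathRooted($exe)) {
            $exeCheck = 'NotAFilePath'
        } elseif (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $exeCheck = 'MissingFile'
        } else {
            $exeCheck = (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString()
        }

        [pscustomobject]@{
            DisplayName         = $p.displayName
            InstanceGuid        = $p.instanceGuid
            ProductState        = ('0x{0:X6}' -f $state)
            RealTimeEnabled     = $enabled
            SignaturesOutOfDate = $outdated
            ProductExe          = $exe
            ExeCheck            = $exeCheck
        }
    }
}

# Usage: anything with ExeCheck of MissingFile, NotSigned or HashMismatch,
# or an unfamiliar DisplayName, is worth a closer look.
Get-RegisteredAntivirus | Format-Table -AutoSize
```

Run it from an elevated prompt on a machine where Defender is the only product: you should see a single Defender entry with RealTimeEnabled set to True. A second entry whose executable is missing or unsigned is exactly the footprint a rogue "fake AV" registration leaves behind.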

OSCP progress: Yay, first BOF (Windows) completed, shell obtained!

Now I think I got a shot at this.

Question for those who got their OSCP or are through the course material: on a scale from 1 to 10, how difficult was your first BOF, and how difficult on that scale was the most difficult thing in the course material for you?

Continuing my PWK-200 course, now at Windows buffer overflows, searching for bad characters I have to cut from my shellcode. Does anyone know of something that helps with this? Or do I have to bite the bullet and do it manually?

Doing it manually takes a very long time, since I often have to restart the whole instance after crashing the vulnerable service.
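The usual answer to the question above is to let the debugger do the comparison (mona's `!mona bytearray -b "\x00"` followed by `!mona compare -f <bytearray.bin> -a <address>` in Immunity Debugger), but the logic behind it is small enough to write yourself, and writing it makes clear why the search is iterative: once the service mangles the first bad byte, everything after it in memory is unreliable, so only the first mismatch per crash can be trusted. The script below is an added example, not the poster's code or course material. It builds the 0x00-0xFF probe, finds the first divergence between what was sent and what was read back from the stack, and loops until a round comes back clean. The `simulated_service` function is a constructed stand-in for the real target plus debugger dump: it truncates at 0x0A and rewrites 0x0D, which is a common pattern for line-oriented services.

```python
# Added example (not the poster's code): iterative bad-character search for a
# stack buffer overflow. In real use, send_and_dump() sends the probe to the
# vulnerable service and returns the bytes dumped from the debugger at the
# address where the probe landed (e.g. ESP after the crash).

from typing import Callable, Optional, Tuple


def badchar_probe(exclude: bytes = b"\x00") -> bytes:
    """Every byte 0x00-0xFF in order, minus the bytes already known to be bad."""
    return bytes(b for b in range(256) if b not in exclude)


def first_mismatch(sent: bytes, observed: bytes) -> Optional[Tuple[int, int, Optional[int]]]:
    """Return (offset, expected_byte, observed_byte) of the first divergence.

    observed_byte is None when the memory dump is shorter than the probe, which
    means the service truncated the input at that byte. Returns None if the
    whole probe survived intact.
    """
    n = min(len(sent), len(observed))
    for i in range(n):
        if sent[i] != observed[i]:
            return i, sent[i], observed[i]
    if len(observed) < len(sent):
        return n, sent[n], None
    return None


def find_bad_chars(send_and_dump: Callable[[bytes], bytes],
                   start_exclude: bytes = b"\x00",
                   max_rounds: int = 32) -> bytes:
    """Repeat probe -> crash -> compare until a probe comes back unmodified.

    Only the first mismatch of each round is recorded, because bytes after a
    mangled one are not trustworthy. Each round costs one crash (and, as the
    poster notes, often a service or VM restart), so the loop is bounded.
    """
    bad = bytearray(start_exclude)
    for _ in range(max_rounds):
        probe = badchar_probe(bytes(bad))
        m = first_mismatch(probe, send_and_dump(probe))
        if m is None:
            return bytes(bad)
        bad.append(m[1])
    raise RuntimeError("bad-character search did not converge")


def msfvenom_badchars(bad: bytes) -> str:
    """Render the result in the form msfvenom -b expects, e.g. '\\x00\\x0a\\x0d'."""
    return "".join(f"\\x{b:02x}" for b in bad)


def simulated_service(probe: bytes) -> bytes:
    """Constructed stand-in for the real target + debugger dump (not a real service).

    Mimics a line-oriented daemon: input is cut at the first 0x0A, and 0x0D is
    rewritten to a space before it reaches the vulnerable buffer.
    """
    return probe.split(b"\x0a")[0].replace(b"\x0d", b"\x20")


if __name__ == "__main__":
    bad = find_bad_chars(simulated_service)
    print("bad chars:", msfvenom_badchars(bad))
```

Against the simulated target this takes three crashes: the first round stops at 0x0A (truncation), the second at 0x0D (rewritten), and the third comes back clean, giving `\x00\x0a\x0d` to pass to `msfvenom -b`. Against a real service, replace `simulated_service` with a function that sends the probe over the socket and returns the bytes you copied out of the debugger's memory dump.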

I just reached 30% completion in the PWK-200 course. Heading further towards the OSCP... haven't run into any difficulties so far. Now for the next chapter, web application attacks. #oscp