Infosec, Offensive Security, 3D Printing
@Euph0r14 @bontchev Don't worry, MS is changing everything to AI, which will make all these crutches unnecessary, provide perfect security and save the world, all at once!

Oh, cool somebody finally figured it out...

As you probably know, the Microsoft Security Center has an API that lets you query which AV is installed and whether it is up-to-date.

What is less well known is that it also has another API, not publicly known, that lets you tell it "I'm installing another AV now, please disable Defender". This is what all other AV products use. Microsoft has provided them with documentation of this API, but under NDA.

Many years ago, I made a proof-of-concept - a small VBScript script that would use this API via WMI to "install" an imaginary AV, thus turning off Defender - but since it was based on information learned under NDA, I obviously couldn't make it public.

Now somebody has reverse-engineered the API from AVAST and has done pretty much the same (albeit a bit over-complicated) in C++:

https://github.com/es3n1n/no-defender

GitHub - es3n1n/no-defender: A slightly more fun way to disable windows defender + firewall. (through the WSC api)

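As an added example (my own code, not from the post above and not from es3n1n/no-defender): the public WSC view the post refers to is the WMI namespace root\SecurityCenter2, whose AntiVirusProduct rows carry a productState integer. This script decodes that value and flags the situation the post describes, Defender reporting itself disabled because another product has registered with WSC. Assumptions: the productState byte layout is the community-derived decoding, not an officially documented format; the sample rows are constructed, not captured from a real host; helper names such as assess and query_live are mine.

```python
# Added example, not code from the post or from es3n1n/no-defender.
# Reads the public WSC view (root\SecurityCenter2 / AntiVirusProduct) and
# decodes productState to see whether Defender is still the active product.
# The byte layout below is the widely used community decoding (assumption),
# not an officially documented format.
import json
import platform
import subprocess


def decode_product_state(state: int) -> dict:
    """Split AntiVirusProduct.productState (read as 0xTTSSUU) into its bytes.

    TT: product owner/type (Defender usually reports 0x06, third parties 0x04)
    SS: 0x00 or 0x01 -> real-time protection off; 0x10 or 0x11 -> on
    UU: 0x00 -> signatures current; anything else (typically 0x10) -> stale
    """
    if not 0 <= state <= 0xFFFFFF:
        raise ValueError(f"productState out of range: {state:#x}")
    owner = (state >> 16) & 0xFF
    status = (state >> 8) & 0xFF
    signatures = state & 0xFF
    return {
        "owner": owner,
        "enabled": status not in (0x00, 0x01),
        "up_to_date": signatures == 0x00,
    }


def is_defender(name: str) -> bool:
    # Display name is "Windows Defender" on most builds; match loosely.
    return "defender" in name.lower()


def assess(products: list) -> dict:
    """Summarise {displayName, productState} rows as WMI returns them.

    defender_displaced is True when no Defender entry is enabled but some
    other registered product is, i.e. the picture after a fake AV registers.
    """
    enabled, disabled = [], []
    for row in products:
        st = decode_product_state(int(row["productState"]))
        (enabled if st["enabled"] else disabled).append(row["displayName"])
    defender_on = any(is_defender(n) for n in enabled)
    third_party = [n for n in enabled if not is_defender(n)]
    return {
        "enabled": enabled,
        "disabled": disabled,
        "defender_enabled": defender_on,
        "third_party_enabled": third_party,
        "defender_displaced": bool(third_party) and not defender_on,
    }


# Constructed sample rows (not captured from a real host): the same client
# before and after an "imaginary AV" registers itself with WSC.
BEFORE = [{"displayName": "Windows Defender", "productState": 397568}]  # 0x061100
AFTER_FAKE_AV = [
    {"displayName": "Windows Defender", "productState": 393472},        # 0x060100
    {"displayName": "Imaginary AV", "productState": 266240},            # 0x041000
]


def query_live() -> list:
    """Fetch the real rows via PowerShell/CIM (Windows client SKUs only;
    root/SecurityCenter2 does not exist on Windows Server)."""
    if platform.system() != "Windows":
        raise OSError("root/SecurityCenter2 is only available on Windows")
    ps = ("ConvertTo-Json -InputObject @(Get-CimInstance "
          "-Namespace root/SecurityCenter2 -ClassName AntiVirusProduct "
          "| Select-Object displayName, productState)")
    out = subprocess.run(["powershell", "-NoProfile", "-Command", ps],
                         capture_output=True, text=True, check=True).stdout
    rows = json.loads(out or "[]")
    return rows if isinstance(rows, list) else [rows]


if __name__ == "__main__":
    for label, rows in (("before", BEFORE), ("after fake AV", AFTER_FAKE_AV)):
        print(label, assess(rows))
    try:
        print("this host", assess(query_live()))
    except (OSError, subprocess.CalledProcessError) as exc:
        print("live query skipped:", exc)
```

Keep in mind that this namespace is exactly the view a fake registration manipulates, so a hit from assess() tells you WSC's opinion, not the truth; cross-check against Get-MpComputerStatus (RealTimeProtectionEnabled) and the WinDefend service state before concluding anything.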
@jkbecker @GossiTheDog I laughed so hard, I peed a little. Thanks for this.
@BobertHepker Yeah, I guess AD will be a lot of work for me, too, since I have no experience with that. For BOF I could rely a bit on my C/C++ and asm experience. A friend of mine also failed his first try at the OSCP exam due to AD, but he passed afterwards. If I can't get through that topic I might have to ask him to coach me a bit.

OSCP progress: Yay, first BOF (Windows) completed, shell obtained!

Now I think I got a shot at this.

Question for those who got their OSCP or are through the course material: on a scale from 1 to 10, how difficult was your first BOF, and how difficult on that scale was the most difficult thing from the course material for you?

@BobertHepker Oooh, very nice! Thanks a lot! Especially the mona commands, I didn't know those. Also thanks for the cheat sheet. 🙂
@BobertHepker Thanks, that would be great!
@ghostsarespooky Ah thanks, tedious but short is ok 🙂
@ghostsarespooky Thanks, it's bearable when you know there's no better way. I could kick myself, though, when I do all the work manually and then see a better way afterwards. :)