StopDefender

Stop Windows Defender programmatically

Primary language: C++. License: MIT.

StopDefender

Stops Windows Defender programmatically by creating a new token using the TrustedInstaller and WinDefend service accounts.

One-button stop action: no need to supply command-line options or a PID. Useful for integration with post-exploitation frameworks.

Blogpost

https://www.securityartwork.es/2021/09/27/trustedinstaller-parando-windows-defender/

Presentations

Check the Presentations folder

  • [Rootedcon Valencia 2022] Kill -9 Windows Defender

Credits