Disable or Modify Tools

Attackers with elevated permissions can disable security tools to avoid detection and to hide activities that are being monitored.

We can verify that Defender is blocking our malicious attempts.

We can disable Defender using PowerShell, Services, or even GPO policies; an example is shown below:

Then, after disabling:

Note: Tamper Protection blocks this action. Ways to block this are via GPO or registry keys.

After Defender is disabled, any malicious attempts are able to execute.
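A defender-side check for the tampering described above, as an added example that is not part of the original page: it reports the current Defender protection state and recent Defender operational events for real-time protection being disabled (5001), configuration changes (5007) and changes blocked by Tamper Protection (5013). The function name `Get-DefenderTamperAudit` and the 24-hour look-back are assumptions for illustration.

```powershell
# Added example: audit Microsoft Defender state and recent tamper-related events.
# Function name and the default 24-hour look-back are assumptions for illustration.
function Get-DefenderTamperAudit {
    [CmdletBinding()]
    param([int]$Hours = 24)

    # Event IDs in the Defender operational log:
    #   5001 = real-time protection disabled
    #   5007 = antimalware configuration changed
    #   5013 = Tamper Protection blocked a change
    $ids = 5001, 5007, 5013
    $log = 'Microsoft-Windows-Windows Defender/Operational'

    # Current protection state; warn if the Defender cmdlets are unavailable.
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
        $state = [pscustomobject]@{
            RealTimeProtectionEnabled = $s.RealTimeProtectionEnabled
            AntivirusEnabled          = $s.AntivirusEnabled
            IsTamperProtected         = $s.IsTamperProtected
        }
    } catch {
        Write-Warning "Defender status unavailable: $($_.Exception.Message)"
        $state = $null
    }

    # Get-WinEvent reports an error when nothing matches; treat that as empty.
    $filter = @{ LogName = $log; Id = $ids; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message)

    [pscustomobject]@{
        State   = $state
        Events  = $events
        # Flag hosts where protection is off, tamper protection is off,
        # or real-time protection was disabled inside the look-back window.
        Suspect = ($null -eq $state) -or
                  (-not $state.RealTimeProtectionEnabled) -or
                  (-not $state.IsTamperProtected) -or
                  ($events.Id -contains 5001)
    }
}

Get-DefenderTamperAudit | Format-List
```

Run it from an elevated prompt on the host being audited; forwarding the same three event IDs to a central log store keeps the evidence available if the local tooling is later disabled.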
