StopDefender

Stop Windows Defender programmatically by stealing tokens from the TrustedInstaller and winlogon processes.

One-button stop action: no need to supply command-line options or a PID. Useful for integration with post-exploitation frameworks.
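For defenders, the behaviour described above can be expressed as a correlation rule. The following is an added example, not code from the StopDefender project: it flags a Defender service stop that closely follows a single process opening both winlogon.exe and TrustedInstaller.exe. The event records are constructed and simplified; the field names are modelled on Sysmon Event ID 10 (ProcessAccess) and Service Control Manager Event ID 7036, and the `Service`/`State` keys and the 60-second window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed, simplified records (not real telemetry). Field names are modelled
# on Sysmon Event ID 10 (ProcessAccess) and Service Control Manager Event ID 7036;
# the "Service"/"State" keys are an assumed normalisation of the 7036 message.
SAMPLE_EVENTS = [
    {"time": "2021-09-27T10:00:01", "id": 10, "SourceImage": r"C:\Users\bob\tool.exe",
     "TargetImage": r"C:\Windows\System32\winlogon.exe"},
    {"time": "2021-09-27T10:00:02", "id": 10, "SourceImage": r"C:\Users\bob\tool.exe",
     "TargetImage": r"C:\Windows\servicing\TrustedInstaller.exe"},
    {"time": "2021-09-27T10:00:03", "id": 7036, "Service": "WinDefend", "State": "stopped"},
    {"time": "2021-09-27T11:30:00", "id": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\winlogon.exe"},
    {"time": "2021-09-27T12:00:00", "id": 7036, "Service": "WinDefend", "State": "stopped"},
]

TOKEN_SOURCES = {"winlogon.exe", "trustedinstaller.exe"}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_suspicious_stops(events, window=timedelta(seconds=60)):
    """Return (stop_time, source_image) for each WinDefend stop preceded, within
    `window`, by one process opening both winlogon.exe and TrustedInstaller.exe."""
    accesses = []  # (time, source image, target file name)
    alerts = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        t = datetime.fromisoformat(e["time"])
        if e["id"] == 10:
            target = basename(e["TargetImage"])
            if target in TOKEN_SOURCES:
                accesses.append((t, e["SourceImage"], target))
        elif e["id"] == 7036 and e.get("Service") == "WinDefend" and e.get("State") == "stopped":
            seen = {}  # source image (lower-cased) -> (original path, targets opened)
            for at, src, target in accesses:
                if timedelta(0) <= t - at <= window:
                    seen.setdefault(src.lower(), (src, set()))[1].add(target)
            for src, targets in seen.values():
                if targets == TOKEN_SOURCES:
                    alerts.append((e["time"], src))
    return alerts


if __name__ == "__main__":
    for when, src in find_suspicious_stops(SAMPLE_EVENTS):
        print(f"{when}: WinDefend stopped after {src} opened winlogon and TrustedInstaller")
```

The second stop in the sample data raises no alert because no single process opened both targets within the window before it.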

Blogpost

https://www.securityartwork.es/2021/09/27/trustedinstaller-parando-windows-defender/

Credits
