Disable AV

Backstab

Backstab is a tool capable of killing antimalware protected processes by leveraging sysinternals’ Process Explorer (ProcExp) driver, which is signed by Microsoft.

GitHub - Yaxser/Backstab: A tool to kill antimalware protected processesGitHub

Disable Defender

Assuming tamper protection is off

Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true

PreviousEvading Defender with CobaltStrike NextAMSI Bypass

Last updated 2 years ago