Stop Windows Defender programmatically

You might also like...
An asynchronous directory file change watcher module for Windows, macOS and Linux wrapped for V

A V module for asynchronously watching for file changes in a directory. The module is essentially a wrapper for septag/dmon. It works for Windows, macOS and Linux.

WhyNotWin11 - Detection Script to help identify why your PC isn't Windows 11 ready

Detection Script to help identify why your PC isn't Windows 11 ready

C/C++ Windows Process Injector for Educational Purposes.

ProcessInjector C/C++ Windows Process Injector for Educational Purposes. What does this software do? This is a simple process injector that uses the C

Find patterns of vulnerabilities on Windows in order to find 0-day and write exploits of 1-days. We use Microsoft security updates in order to find the patterns.

Back 2 the Future Find patterns of vulnerabilities on Windows in order to find 0-day and write exploits of 1-days. We use Microsoft security updates i

Windows kernel hacking framework, driver template, hypervisor and API written on C++

simple and efficient screen recording utility for Windows

wcap Simple and efficient screen recording utility for Windows. Get latest binary here: wcap.exe press Ctrl + PrintScreen to start recording monitor (

A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.

Instrumentation callbacks are quite a fun undocumented part of Windows. All the code in this repository is released under the MIT license. This repository uses google style C++.

minimal msvc-windows exclusive lazy importer for C++

Lazy-Importer minimalistic msvc-windows exclusive lazy importer for C++20 (c++2a) Credits 0x90 (@AmJayden) @gogo9211 What is this? This lazy importer

A simple Windows kernel rootkit.

Venom RootKit A simple Windows rootkit that I have written, in order to explore a bit about the world of rootkits and the Windows kernel in general. The Ven

Comments
  • WinDefend Service: OpenService failed (5)

    Hi there,

    I was trying to execute the StopDefender today and I realized it gets "Access Denied" (5) error when it tries to open WinDefend service. I think Microsoft updated something in Feb '22 because I was able to execute it in the same machine in January. I will write some more details if I can debug the issue. Here is the command output:

    [+] TrustedInstaller already running
    [+] TrustedInstaller Service Started!
    [+] Current user is: x
    [+] Winlogon process found!
    [+] TrustedInstaller process found!
    [+] WINLOGON OpenProcess() success!
    [+] WINLOGON OpenProcessToken() success!
    [+] WINLOGON ImpersonatedLoggedOnUser() success!
    [+] WINLOGON Current user is: SYSTEM
    [+] TRUSTEDINSTALLER OpenProcess() success!
    [+] TRUSTEDINSTALLER OpenProcessToken() success!
    [+] TRUSTEDINSTALLER ImpersonatedLoggedOnUser() success!
    [+] Current user is: SYSTEM
    [+] OpenSCManager success!
    [-] OpenService failed (5)
    [-] TRUSTEDINSTALLER StopDefenderService() Error: 5
    opened by OccamsXor 2
  • StartService failed (1056)

    PS C:\Windows\system32> C:\Users\dev\Desktop\StopDefender.exe
    [+] SeDebugPrivilege enabled!
    [+] OpenSCManager success!
    [-] StartService failed (1056)
    PS C:\Windows\system32> C:\Users\dev\Desktop\StopDefender.exe
    [+] SeDebugPrivilege enabled!
    [+] OpenSCManager success!
    [-] StartService failed (1056)

    windows 10 1909 x64

    opened by wgetnz 2
  • Operation did not complete successfully because the file contains a virus or potentially unwanted software.

    Compiling and running with VS 2019 displays it? Maybe it's because of the version change?

    ENV:

    • Visual Studio 2019
    • Microsoft Windows NT 10.0.19044.0 (Win10 21H2)
    • .NET 6.0.8
    • DPI 144dpi (150% scaling)
    opened by XMuli 0
  • Create LICENSE

    @lab52io Publishing without a license means YOU ARE ONLY SHOWING YOUR CODE, YOU ARE NOT SHARING IT. Open-source is not open-source without a license, so GitHub recommends that a license is added.

    opened by Tyler887 0
Releases(Version1.0.0)
Owner
lab52.io
Lab52 is the threat intelligence division of S2 Grupo, an international cybersecurity company that offers its services around the world.
lab52.io
Play Doh Windows ACL Tools

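PDAcl is a command-line tool that supports setting Windows Active Directory extended permissions, Windows Active Directory general permissions, and Windows service permissions.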

倾旋 60 Sep 14, 2022
This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload, and more!

BSOD Survivor Tired of always telling yourself when you got a BSOD that what if I could just return to the caller function which caused the BSOD, and

Ido Westler 156 Oct 1, 2022
Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2008R2 / 8 / 2012)

Perfusion On Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012, the registry key of the RpcEptMapper and DnsCache (7/2008R2 only) s

Clément Labro 395 Oct 4, 2022
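CVE-2021-1732 Microsoft Windows 10 local privilege escalation vulnerability research and PoC/Exploit development

CVE-2021-1732 CVE-2021-1732 Microsoft Windows 10 local privilege escalation vulnerability research and PoC/Exploit development. Affected systems and application versions: Windows Server, version 20H2 (Server Core Installation) Windows 10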

null 75 Aug 23, 2022
Windows user-land hooks manipulation tool.

MineSweeper Windows user-land hooks manipulation tool. Highlights Supports any x64/x86 Windows DLL (actually, any x64/x86 Windows PE for that matter)

Arsenii Pustovit 130 Aug 10, 2022
Orbit, the Open Runtime Binary Instrumentation Tool, is a standalone C/C++ profiler for Windows and Linux

Orbit, the Open Runtime Binary Instrumentation Tool, is a standalone C/C++ profiler for Windows and Linux. Its main purpose is to help developers visualize the execution flow of a complex application.

Google 2.8k Oct 2, 2022
Windows x64 rootkit

P4tch3r Windows x64 rootkit (tested on Windows 7) It's PoC of patching NtTerminateProcess function by just overwriting instructions catching arguments

null 7 Jul 22, 2022
AlleyWind is an advanced Win32-based and open-sourced utility that helps you to manage system's windows

AlleyWind AlleyWind is an advanced Win32-based and open-sourced utility that helps you to manage system's windows. AlleyWind could: Displays a graphic

KNSoft 21 Aug 28, 2022
WinMerge is an Open Source differencing and merging tool for Windows.

WinMerge is an Open Source differencing and merging tool for Windows. WinMerge can compare both folders and files, presenting differences in a visual text format that is easy to understand and handle.

null 3.4k Oct 2, 2022
x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code

NoPatchGuardCallback x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code Read: https://www.godeye.club/2021/05/22/00

Kento Oki 123 Sep 25, 2022