Skip to content

matterpreter/DefenderCheck

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
April 10, 2019 08:25
April 12, 2019 08:41
October 13, 2022 12:56
April 10, 2019 08:21

DefenderCheck

Quick tool to help make evasion work a little bit easier.

Warning: As of the 1.337.157.0 Defender signature update, DefenderCheck is classified as VirTool:MSIL/BytzChk.C!MTB. As a workaround while I work to get around this, please disable Real-time Protection in Defender before compiling DefenderCheck.

Takes a binary as input and splits it until it pinpoints that exact byte that Microsoft Defender will flag on, and then prints those offending bytes to the screen. This can be helpful when trying to identify the specific bad pieces of code in your tool/payload.

Note: Defender must be enabled on your system, but the realtime protection and automatic sample submission features should be disabled.

About

Identifies the bytes that Microsoft Defender flags on.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages