
Configure the Windows Target

While this is not realistic in a production environment, for this evaluation we are going to disable Windows security features so that the implants run without being impeded by the default security settings. Otherwise, the implant will be quarantined as a threat (rightly so) as soon as it is placed on the Windows host.

On your Windows target host:

  • Windows Security > Virus & threat protection
  • Under Virus & threat protection settings > Manage settings
  • Under Real Time Protection, turn OFF
  • Under Cloud-delivered Protection, turn OFF
  • Under Automatic Sample Submission, turn OFF
  • Windows Security > Firewall and network protection
  • Turn each firewall OFF

The anti-virus real-time protection likes to turn itself on again after some time. It may be a good idea to add the Downloads folder as an exclusion to be sure.
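Because real-time protection can switch itself back on, it helps to check the actual state of the settings listed above. The following read-only check is an added example, not part of the original page; the function name `Get-LabTargetState` and the default Downloads path are assumptions. Run it from an elevated PowerShell prompt so the exclusion list is readable.

```powershell
# Added example: read-only report of the settings changed in the steps above.
# It changes nothing. Get-LabTargetState is a hypothetical helper name.
function Get-LabTargetState {
    param(
        # Assumed location of the Downloads folder mentioned in the text
        [string]$ExclusionPath = (Join-Path $env:USERPROFILE 'Downloads')
    )

    $status = Get-MpComputerStatus   # live Defender state
    $pref   = Get-MpPreference       # configured Defender preferences

    $rows = @(
        [pscustomobject]@{
            Setting = 'Real-time protection'
            Enabled = [bool]$status.RealTimeProtectionEnabled
        }
        [pscustomobject]@{
            Setting = 'Cloud-delivered protection'
            # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced
            Enabled = ([int]$pref.MAPSReporting -ne 0)
        }
        [pscustomobject]@{
            Setting = 'Automatic sample submission'
            # SubmitSamplesConsent: 1 and 3 send automatically; 0 prompts, 2 never sends
            Enabled = ([int]$pref.SubmitSamplesConsent -in 1, 3)
        }
    )

    # One row per firewall profile (Domain, Private, Public)
    foreach ($fw in Get-NetFirewallProfile) {
        $rows += [pscustomobject]@{
            Setting = "Firewall ($($fw.Name))"
            Enabled = ([string]$fw.Enabled -eq 'True')
        }
    }

    # ExclusionPath is $null when no exclusions are configured
    $rows += [pscustomobject]@{
        Setting = "Exclusion present: $ExclusionPath"
        Enabled = (@($pref.ExclusionPath) -contains $ExclusionPath)
    }
    $rows
}

Get-LabTargetState | Format-Table -AutoSize
```

Run it again once the evaluation is finished to confirm that every protection and firewall profile reports `True` before the host is used for anything else.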