README.md

December 5, 2022 ยท View on GitHub

Defender Exclusions BOF

What

A BOF to determine Windows Defender exclusions:

  • Extensions
  • Processes
  • Folders

Why

Examples of using the C++ compiler to create BOFs without the need for the intermediary vtable dereferences.

Building

cd src
make all

Usage

  1. Load dist/cEnumerateDefender.cna
  2. Run in a Beacon:
    • cEnumDefenderException [1-3]

Outputs

image info

image info

image info

Contents

  1. 1Defender Exclusions BOF
  2. 2Examples of using the C++ compiler to create BOFs without the need for the intermediary vtable dereferences.