I am constantly testing Defender and other anti-virus products to see what they detect, and came across this nice tool called SharpKiller. Here is the link to the GitHub repository where you can read all about it:

https://www.github.com/S1lkys/SharpKiller

Windows Defender did not like the tool, and this was running on Windows Server 2022 – fully patched. Defender actually deletes the .exe file.

Even trying to obfuscate it using these options did not work:

  • InviShell
  • Amsibypass

Other than that, running it is pretty simple, and it patches each instance: ones that are already running and any new ones. Here is a screenshot of Sharp-Killer.exe running and, below that, the two (2) PowerShell windows:

[Screenshot 1: Quickly patch all your PowerShell sessions with SharpKiller but beware of Defender.]

Instances 8976 and 1752 below:

[Screenshot 2: Quickly patch all your PowerShell sessions with SharpKiller but beware of Defender.]

I also put together a quick video, no audio, just showing how each process gets patched when launched; it does not matter whether it is elevated or not:

A nice tool to add to your kit. All credit goes to S1lkys.
