I am constantly testing Defender and other anti-virus products to see what they detect, and I came across this nice tool called SharpKiller. Here is the link to the GitHub repository where you can read all about it:
https://www.github.com/S1lkys/SharpKiller
Windows Defender did not like the tool, and this was running on Windows Server 2022, fully patched. Defender actually deletes the .exe file.
Even trying to obfuscate it using these options did not work:
- InviShell
- Amsibypass
Other than that, running it is pretty simple, and it patches each instance, both the ones that are already running and any new ones. Here is a screenshot of Sharp-Killer.exe running and, below that, the two (2) PowerShell windows:
![Quickly patch all your powershell sessions with sharpkiller but beware of defender.](https://www.collaborationpro.com/wp-content/uploads/2023/12/image.png)
Instances 8976 and 1752 below:
![Quickly patch all your powershell sessions with sharpkiller but beware of defender.](https://www.collaborationpro.com/wp-content/uploads/2023/12/image-1.png)
I also put together a quick video (no audio) showing how each process gets patched when launched; it does not matter whether it is elevated or not.
A nice tool to add to your kit. All credit goes to S1lkys.