guardicore / monkey

Infection Monkey - An open-source adversary emulation platform
https://www.guardicore.com/infectionmonkey/
GNU General Public License v3.0

Excluding Monkey from WDAV and firewalls #586

Open ShayNehmad opened 4 years ago

ShayNehmad commented 4 years ago

Is your feature request related to a problem? Please describe.

Make sure that Monkey is able to communicate out of Windows machines. This can also be a ZT test + MITRE used technique.

Describe the solution you'd like

As part of the monkey execution (easy to do via registry and netsh), exclude the Monkey from WDAV and firewall.

danielguardicore commented 4 years ago

We already do firewall, but we don't do AV. Disabling AV might require a UAC bypass as well.

VakarisZ commented 3 years ago

Manually tested: adding a folder to exclusions requires a UAC bypass, not so trivial.