This is Part 7 of the Security Metasploit Framework Expert (SMFE) course material. You can begin by watching Part 1 here: http://www.securitytube.net/video/2556 . Enjoy! Certifications page: http://www.securitytube.net/cert-list
In this video, we will look at how to disable the Windows Firewall and kill the AV after breaking in. The interesting thing to note is that Meterpreter's default script for killing AV, “Killav”, fails against almost all of the latest AVs because it does a simple search by exe image name and tries to kill the matching processes. However, most AV manufacturers run a watchdog service, which is typically unstoppable, and this service restarts the AV processes.
We will learn how to find the services which are running on the system, locate the AV services, change their configurations from the command line and then see how to kill them. Most of this video has little to do with Metasploit and more to do with how to “do a custom kill” 🙂 After all, one cannot be as good as the tools he uses 🙂 Tools are an aid, not a crutch.
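From the defender's side, the sequence described above (a security service's configuration changed, then the service stopped) is visible in the Windows System log as Service Control Manager events 7040 and 7036. The following is an added example, not part of the course material: the watched service names, the five-minute window, the severity labels and the sample events are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumption: display names of security services that must stay running.
# "Example AV Watchdog" is a placeholder, not a real product.
WATCHED = {"Windows Firewall", "Example AV Watchdog"}

# Message text of Service Control Manager events 7040 and 7036 (System log).
RE_7040 = re.compile(r"The start type of the (.+) service was changed from (.+) to (.+)\.")
RE_7036 = re.compile(r"The (.+) service entered the (.+) state\.")

def detect(events, window=timedelta(minutes=5)):
    """Return (severity, service, reason) alerts for watched services."""
    alerts, disabled_at = [], {}
    for ts, event_id, msg in sorted(events):
        if event_id == 7040 and (m := RE_7040.match(msg)):
            svc, _old, new = m.groups()
            if svc not in WATCHED:
                continue
            if new == "disabled":
                disabled_at[svc] = ts
                alerts.append(("medium", svc, "start type set to disabled"))
            else:
                disabled_at.pop(svc, None)  # start type restored
        elif event_id == 7036 and (m := RE_7036.match(msg)):
            svc, state = m.groups()
            if svc not in WATCHED or state != "stopped":
                continue
            t0 = disabled_at.get(svc)
            if t0 is not None and ts - t0 <= window:
                # A disabled service cannot be started again until re-enabled.
                alerts.append(("high", svc, "disabled, then stopped"))
            else:
                alerts.append(("low", svc, "stopped"))
    return alerts

# Constructed sample events: (timestamp, event id, message).
T = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE = [
    (T, 7036, "The Example AV Watchdog service entered the stopped state."),
    (T + timedelta(seconds=3), 7036, "The Example AV Watchdog service entered the running state."),
    (T + timedelta(seconds=60), 7040,
     "The start type of the Windows Firewall service was changed from auto start to disabled."),
    (T + timedelta(seconds=70), 7036, "The Windows Firewall service entered the stopped state."),
    (T + timedelta(seconds=80), 7036, "The Print Spooler service entered the stopped state."),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

A stop on its own rates low because a watchdog or recovery action may bring the service back; a stop that follows a change to disabled rates high because the service stays down.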