Skip to content

A Windows 7-10 startup script for detecting and preventing "Ease Of Access" attacks.

License

Notifications You must be signed in to change notification settings

zelon88/Accessibility-Tools-utilmon-Defender

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 

Repository files navigation

Accessibility-Tools-utilmon-Defender

A Windows 7-10 startup script for detecting and preventing "Ease Of Access" attacks.

This script was featured in the how-to blog post "Windows Accessibility Tools… For Hackers Too???" on the HonestRepair Blog.

It is intended to be added to Group Policy Management on a domain or the Local Group Policy Editor on a standalone PC as a machine startup script.

The script hashes cmd.exe (if it exists) and compares it against the hashes for each vulnerable tool in the Ease of Access center (utilmon.exe). A hard-coded hash exists as a default if cmd.exe was moved.

You must download "Fake Sendmail For Windows" and extract all files to wherever you install the Accessibility_Defender.vbs script.

If a compromise is detected the script will create a logfile of the incident and shut down the machine.

About

A Windows 7-10 startup script for detecting and preventing "Ease Of Access" attacks.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published