Using the killav.rb script to disable antivirus programs
In the previous recipe, we focused on various techniques that can be used to bypass client-side antivirus protection and open an active session. The story doesn't end there. What if we want to download files from the target system, install a keylogger, and so on? Such activities can raise an alarm in the antivirus. So, once we have gained an active session, our next target should be to kill the antivirus protection silently. This recipe is all about deactivating antivirus programs. Killing the antivirus is essential in order to keep our activities undetected on the target machine.
In this recipe, we will be using some of the Meterpreter scripts available to us during an active session. We have an entire chapter dedicated to Meterpreter scripts, so here I will give just a quick introduction to them and to some useful Meterpreter commands. We will analyze Meterpreter in great detail in the next chapter.
Getting ready
Let...