Ghost In The Logs
This tool allows you to evade Sysmon and Windows event logging.
Sysmon and the Windows Event Log are both extremely powerful tools in a defender's arsenal. Their very flexible configurations give defenders great insight into activity on endpoints, making it much easier to detect attackers.
Prerequisites
- High-integrity administrator privileges (the tool must run from an elevated process)
Usage
Starting off
Once you have the latest version, run it with no arguments to see the available commands:
$ gitl.exe
Loading the hook:
$ gitl.exe load
Enabling the hook (disabling all logging):
$ gitl.exe enable
Disabling the hook (enabling all logging)
Getting the status of the hook:
$ gitl.exe status
Download
Read more here.
Copyright (c) 2020 batsec
Source: https://github.com/bats3c/