Ghost-In-The-Logs: evade sysmon and windows event logging

by do son · Published September 23, 2020 · Updated October 25, 2022

Ghost In The Logs

This tool allows you to evade sysmon and windows event logging.

Sysmon and windows event log are both extremely powerful tools in a defender’s arsenal. Their very flexible configurations give them a great insight into the activity on endpoints, making the process of detecting attackers a lot easier.

Prerequisites

High integrity administrator privileges

Usage

Starting off

Once you’ve got the latest version to execute it with no arguments to see the available commands

$ gitl.exe

Loading the hook

$ gitl.exe load

Enabling the hook (disabling all logging)

$ gitl.exe enable

Disabling the hook (enabling all logging)

$ gitl.exe disable

Get status of the hook

$ gitl.exe status

Ghost-In-The-Logs: evade sysmon and windows event logging

Search

Brilliantly

Content & Links

Ghost-In-The-Logs: evade sysmon and windows event logging

Ghost In The Logs

Prerequisites

Usage

Starting off

Loading the hook

Enabling the hook (disabling all logging)

Disabling the hook (enabling all logging)

Get status of the hook

Download

Search

Brilliantly

Content & Links