Ghost-In-The-Logs: evade sysmon and windows event logging
Ghost In The Logs
This tool allows you to evade Sysmon and Windows Event Log logging.
Sysmon and the Windows Event Log are both extremely powerful tools in a defender's arsenal. Their very flexible configurations give defenders great insight into activity on endpoints, making it a lot easier to detect attackers. Ghost In The Logs is built to take that visibility away for as long as the hook is enabled.
Prerequisites
- High integrity administrator privileges (an elevated, high-integrity token; a UAC-filtered administrator token is not enough)
Usage
Starting off
Once you've got the latest version, execute it with no arguments to see the available commands:
$ gitl.exe
Loading the hook
$ gitl.exe load
Enabling the hook (disabling all logging)
$ gitl.exe enable
Disabling the hook (enabling all logging)
Get status of the hook
$ gitl.exe status
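The commands above only report the hook's own view of itself. Before relying on it, a practitioner will want an independent check that logging really stopped. The PowerShell function below is an added example, not part of the Ghost-In-The-Logs project: it spawns a harmless process whose command line carries a unique marker, then asks Sysmon whether a process-creation event (Event ID 1) for that process was written. It assumes Sysmon is installed with process-creation logging enabled, that it runs from an elevated prompt, and that the log name is the default `Microsoft-Windows-Sysmon/Operational`.

```powershell
# Added check, not code from the Ghost-In-The-Logs project.
# Assumptions: Sysmon installed with Event ID 1 (process create) enabled,
# default log name, and an elevated PowerShell session.
function Test-SysmonProcessLogging {
    param([int]$WaitSeconds = 5)

    $log    = 'Microsoft-Windows-Sysmon/Operational'
    # Unique marker so the query can never match an unrelated event.
    $marker = "gitl-check-$([guid]::NewGuid().ToString('N'))"
    $before = Get-Date

    # Spawn a child process that Sysmon should log as Event ID 1.
    Start-Process -FilePath 'cmd.exe' -ArgumentList "/c echo $marker" `
        -WindowStyle Hidden -Wait

    # Give the Sysmon driver and service a moment to flush the event.
    Start-Sleep -Seconds $WaitSeconds

    $events = Get-WinEvent -FilterHashtable @{
                  LogName   = $log
                  Id        = 1
                  StartTime = $before
              } -ErrorAction SilentlyContinue |
              Where-Object { $_.Message -match [regex]::Escape($marker) }

    [pscustomobject]@{
        Marker        = $marker
        EventRecorded = [bool]$events
        Verdict       = if ($events) { 'Sysmon logging active' }
                        else         { 'no Sysmon Event ID 1 for this process' }
    }
}

# Run once before `gitl.exe enable` (expect EventRecorded = True),
# once after (expect False), and once more after disabling the hook.
Test-SysmonProcessLogging | Format-List
```

Run the function before enabling the hook to confirm the baseline actually produces an event; a `False` on the baseline means Sysmon is not logging process creation on this host and the later result proves nothing. The same pattern works for any other Sysmon event type by changing the `Id` and the triggering action.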
Copyright (c) 2020 batsec
Source: https://github.com/bats3c/